Security issue with pam-krb5 ?

Matthijs Mohlmann matthijs at
Wed Aug 27 14:16:53 EDT 2003

I read an article about KerberosV and OpenLDAP. And I read the

If you already have a database, but are using some other means of
storing the passwords, you will have to do some minor modifications to
the database. For example, my production server, which is version
1.2.11, has the passwords in the LDAP database as '{crypt}CRYPTEDPW',
and is using libpam-ldap (and for migration purposes libpam-krb5 which
is NOT recommended in a shared network environment since it binds in
clear text) to authenticate the users on all services (ssh/imap/pop/ftp

Am I right when I say libpam-krb5 sends the password in cleartext over the
network?


