On 01/17/2011 11:04 AM, Tim wrote:
> On Mon, 2011-01-17 at 09:51 -0500, Stephen Gallagher wrote:
>> One change from older versions of Fedora is that, with SSSD, you
>> cannot use authentication against LDAP without encryption. This is
>> because the simple bind password would otherwise be sent in the clear
>> over the wire. Older versions of Fedora allowed using unencrypted
>> auth, but no longer (for your protection).
>
> Just out of curiosity: Does that actually stop the client sending a
> password out in the clear?
>

Yes, if you're authenticating through SSSD, then before we attempt to
perform an LDAP bind, we check to see if the channel is encrypted (either
through LDAPS, LDAP+TLS or LDAP+GSSAPI). If it is not, we will not
perform the bind and simply return authentication failure internally.

--
Stephen Gallagher
RHCE 804006346421761
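A way to see in advance which SSSD domains depend on the check described in the reply above, as an added example that is not part of the original message and is not SSSD code. It reads the real `sssd.conf` options `id_provider`, `auth_provider`, `ldap_uri` and `ldap_tls_reqcert`; the sample file, its host names and the `audit` helper are constructed for illustration, and the certificate-validation finding goes one step beyond what the message itself covers.

```python
import configparser

# Constructed sample sssd.conf; hosts and domain names are placeholders.
SAMPLE_CONF = """
[domain/corp]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap1.example.com, ldaps://ldap2.example.com
ldap_tls_reqcert = demand
[domain/legacy]
id_provider = ldap
ldap_uri = ldap://old.example.com
[domain/lab]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://lab.example.com
ldap_tls_reqcert = never
[domain/krb]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://dir.example.com
"""

def audit(conf_text):
    """Return {domain: [findings]} for domains that authenticate by LDAP bind."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # SSSD uses id_provider for authentication when auth_provider is unset.
        auth = dom.get("auth_provider", dom.get("id_provider", ""))
        if auth.strip().lower() != "ldap":
            continue  # e.g. krb5: no LDAP simple bind with the user's password
        findings = []
        for uri in (u.strip() for u in dom.get("ldap_uri", "").split(",")):
            if uri and not uri.lower().startswith("ldaps://"):
                findings.append(f"{uri}: not LDAPS, bind needs StartTLS or GSSAPI first")
        # 'never' and 'allow' do not reject a server certificate that fails validation.
        if dom.get("ldap_tls_reqcert", "").strip().lower() in ("never", "allow"):
            findings.append("ldap_tls_reqcert does not enforce certificate validation")
        report[section[len("domain/"):]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONF).items():
        print(name, findings or "ok")
```

A domain listed with a plain `ldap://` URI is one where, per the reply, authentication fails whenever the encrypted channel cannot be established.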