[ltb-dev] [LDAP Tool Box - Feature #823] Store bind password in config.inc.php other than clear text

noreply at lsc-project.org noreply at lsc-project.org
Thu Jan 21 14:40:58 CET 2016


Issue #823 has been updated by Clément OUDOT.

Assigned to set to Clément OUDOT

The user's old password is checked after the account is found in the LDAP directory; it would be a big rewrite of the code to change this.

You can't crypt the password because you need to have the plain text password to bind to LDAP.

You can try to look at GSSAPI if you want to delegate authentication.
----------------------------------------
Feature #823: Store bind password in config.inc.php other than clear text
http://tools.lsc-project.org/issues/823

Author: Andre Mariano
Status: New
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?


To adhere to my local security policy I can't allow binding anonymously, nor can I have the bind password in clear text in the config.inc.php file. Is/would it be possible to have the password variable set with any sort of encryption? Or, ideally, can I have it set up to bind using the user's old password captured from the form?

Thanks,
Andre

