On Saturday 05 May 2007 16:13, Peter Samuelson <[EMAIL PROTECTED]> wrote: > [Roberto C. Sánchez] > > > You mean that the passwords go in the clear? > > Yes, unless you are securing the entire LDAP session, using SSL.
Does the pam_ldap module allow you to store the SSL key for the server or authenticate the server with a certificate? If not then SSL only stops passive sniffing not a MITM attack. -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
