Linux.com

passwords in plaintext

Posted by: Anonymous Coward on December 17, 2004 01:59 AM
This is extremely convenient, but be aware that your passwords are now traversing the network in plain text. Anyone who can sniff the traffic between the Linux box and the AD system can capture any passwords used for authentication. If this is not acceptable in your situation, you can set up TLS encryption, which involves creating a certificate for the AD system and telling the Linux box that it can trust the cert, or using an alternative authentication method like Kerberos against the same AD system. This would allow you to get important info like uids and other naming information via LDAP, but securely encrypt critical information like passwords. Both of these scenarios are beyond the scope of this article, but it's important to be aware of the issues involved.


Return to Unite your Linux and Active Directory authentication
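
The plaintext exposure described in the comment above can be checked for on the wire. The following is an added example, not part of the original comment or article: it encodes and classifies LDAPv3 requests (RFC 4511) so an audit can tell a password-carrying simple bind from a StartTLS request or a SASL bind. It assumes the setup uses LDAP simple binds on an unencrypted connection; the DN and password are constructed sample values.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def tlv(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next bytes hold the length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[pos:pos + length], pos + length

def envelope(msg_id, op):
    """Wrap a protocolOp in an LDAPMessage SEQUENCE (msg_id below 128)."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def simple_bind(msg_id, dn, password):
    """BindRequest [APPLICATION 0] with simple auth: the password is a raw [0] string."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return envelope(msg_id, tlv(0x60, body))

def starttls_request(msg_id):
    """ExtendedRequest [APPLICATION 23] asking the server to switch to TLS."""
    return envelope(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))

def classify(pdu):
    """Label one cleartext LDAP request without echoing the credential itself."""
    _, message, _ = read_tlv(pdu)
    _, _, pos = read_tlv(message)            # skip messageID
    op, body, _ = read_tlv(message, pos)
    if op == 0x77 and read_tlv(body)[1] == STARTTLS_OID:
        return "starttls"
    if op != 0x60:
        return "other"
    _, _, pos = read_tlv(body)               # protocol version
    _, _, pos = read_tlv(body, pos)          # bind DN
    auth_tag, credential, _ = read_tlv(body, pos)
    if auth_tag == 0xA3:                     # [3] SaslCredentials, e.g. GSSAPI/Kerberos
        return "sasl-bind"
    return "simple-bind-password-exposed" if credential else "bind-without-password"

# Constructed sample: the password bytes sit verbatim inside the encoded request.
SAMPLE = simple_bind(1, "cn=svc-linux,dc=example,dc=com", "Constructed-Pw1")
```

A connection whose first request classifies as `starttls`, or whose binds are `sasl-bind`, matches the two remedies the comment names; a `simple-bind-password-exposed` result on an unencrypted connection is the case it warns about.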