Clear-text password for LDAP Bind?

NethServer Version: NethServer release 7.3.1611 (Final)
Module: Accounts Provider

“The password for the LDAP BIND operation. It is stored in clear-text format in the configuration e-smith database.”

Is that needed? It sounds insecure…

Also, when you type the password into Advanced Settings, not even the password is masked with “*”, why?

Thanks in advance!

@davidep is there any technical reason?


It’s a usability choice, maybe good maybe bad. There are plenty of blog posts about masked passwords and usability. I think in this case a hidden password does not add more security.

It’s as secure as Linux filesystem permissions and Apache PHP module. That means it is not the best place where to store a secret, but should do the job :wink:

The password cannot be stored encrypted, because it must be decrypted, too, then sent across the network to the remote LDAP server (possibly through an SSL channel). So it is clear-text, but users of the system cannot read it (like other secrets, say httpd RSA private key…).

Anyway, I suggest storing the credentials of an unprivileged account, because only read access is needed on the remote LDAP db.
