Re: heimdal hdb

[Luke Howard <lukeh@PADL.COM>]

Hi James,

>a) Using your Solaris database conversion routines and holding
>   the users kerberos passwd in the user entry the SCOPE of the
>   ldap search needs to be further than BASE or ONE, I found SUBTREE
>   works just fine!

Good point. This should probably be changed in the code.

>b) access to * 
>        by sockurl="^ldapi:///$" write 
>   is too open - means anyone/process on KDC machine can modify data base.
>   Really need authenticated access (SIMPLE or SASL) by the equiv of the
>   Solaris 8 "proxyagent". You do an ldap_init but DONT bind with any
>   dn/password combination so its just anon. access!

If you gave it a password, you would have to put the password in a
configuration file. If that configuration file was readable by root,
anyone with root priveleges could access the LDAP server using
local access. Simpler just to make /tmp/.ldap-sock have root-only
permissions; you avoid the psychological sense of security of
putting a password in a text file (!) and have exactly the same
real level of security.

>I agree with you that there are ramificiations with using ldap for
>"private" information but with requisite ACL should be possible to make
>secure. I thought I would give it a try!! I am really in two minds about
>this!! - its nice to have all databases on one super-secure system with
>ALL info needed to run system (replicated) but equally can one make the
>systems as secure as having private keys on completely seperate system?

It is an administrative trade-off.

i
-- Luke


--
Luke Howard | lukehoward.com
PADL Software | www.padl.com