[freeipa PR#2812][opened] Require secure-binds for password login
by tiran
URL: https://github.com/freeipa/freeipa/pull/2812
Author: tiran
Title: #2812: Require secure-binds for password login
Action: opened
PR body:
"""
nsslapd-require-secure-binds restricts password based simple binds to
secure connections. It does not prevent a careless user from
transmitting a password in plain text. But it makes it obvious that he
did something bad. Password based bind attempts over an insecure
connection are refused with:
    Confidentiality required: Operation requires a secure connection
Secure connections are:
* LDAP connections on port 389 with STARTTLS
* LDAPS connections on port 636
* LDAPI connections to a local Unix socket
Anonymous bind (simple_bind with empty DN and password) and GSSAPI
bind operations are not affected.
nsslapd-require-secure-binds is enabled after 389-DS is configured for
TLS/SSL.
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
**NOTE** The change may cause compatibility issues with applications that don't perform secure binds.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2812/head:pr2812
git checkout pr2812
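
For the compatibility note in the PR body, one way to find clients that would be refused once the setting is on is to audit the directory server access log for simple password binds made on plaintext connections. This is an added example, not part of the PR or FreeIPA's code; it assumes 389-DS access-log lines shaped like the constructed sample (hypothetical DNs and addresses), and the function name is chosen here for illustration.

```python
import re

# Constructed sample in the usual 389-DS access-log shape (not real data).
SAMPLE_LOG = """\
[10/Feb/2019:10:00:01 +0000] conn=1 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[10/Feb/2019:10:00:01 +0000] conn=1 op=0 BIND dn="uid=app1,cn=sysaccounts,cn=etc,dc=example,dc=test" method=128 version=3
[10/Feb/2019:10:00:02 +0000] conn=2 fd=65 slot=65 connection from 192.0.2.11 to 192.0.2.1
[10/Feb/2019:10:00:02 +0000] conn=2 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[10/Feb/2019:10:00:02 +0000] conn=2 TLS1.2 256-bit AES-GCM
[10/Feb/2019:10:00:02 +0000] conn=2 op=1 BIND dn="uid=app2,cn=sysaccounts,cn=etc,dc=example,dc=test" method=128 version=3
[10/Feb/2019:10:00:03 +0000] conn=3 fd=66 slot=66 SSL connection from 192.0.2.12 to 192.0.2.1
[10/Feb/2019:10:00:03 +0000] conn=3 op=0 BIND dn="uid=app3,cn=sysaccounts,cn=etc,dc=example,dc=test" method=128 version=3
[10/Feb/2019:10:00:04 +0000] conn=4 fd=67 slot=67 connection from local to /var/run/slapd-EXAMPLE-TEST.socket
[10/Feb/2019:10:00:04 +0000] conn=4 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[10/Feb/2019:10:00:05 +0000] conn=5 fd=68 slot=68 connection from 192.0.2.13 to 192.0.2.1
[10/Feb/2019:10:00:05 +0000] conn=5 op=0 BIND dn="" method=128 version=3
[10/Feb/2019:10:00:06 +0000] conn=6 fd=69 slot=69 connection from 192.0.2.14 to 192.0.2.1
[10/Feb/2019:10:00:06 +0000] conn=6 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
"""

OPEN = re.compile(r'conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from (\S+) to')
CIPHER = re.compile(r'conn=(\d+) (?:TLS|SSL)\S* \d+-bit')
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=(\S+)')

def insecure_password_binds(log_text):
    """Return (client, bind DN) for simple password binds on non-secure connections."""
    secure, client, hits = set(), {}, []
    for line in log_text.splitlines():
        if m := OPEN.search(line):
            conn, ssl, peer = m.groups()
            client[conn] = peer
            secure.discard(conn)            # connection numbers can be reused
            if ssl or peer == "local":      # LDAPS (port 636) or LDAPI socket
                secure.add(conn)
        elif m := CIPHER.search(line):      # TLS negotiated, e.g. after STARTTLS
            secure.add(m.group(1))
        elif m := BIND.search(line):
            conn, dn, method = m.groups()
            # method=128 is a simple bind; an empty DN is an anonymous bind,
            # and SASL/GSSAPI binds use method=sasl. Neither is affected.
            if method == "128" and dn and conn not in secure:
                hits.append((client.get(conn, "?"), dn))
    return hits

if __name__ == "__main__":
    for peer, dn in insecure_password_binds(SAMPLE_LOG):
        print(f"{peer} binds in plaintext as {dn}")
```

Clients reported here are the ones that need STARTTLS, LDAPS or LDAPI before nsslapd-require-secure-binds is turned on.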