11:09 a.m.
Hi all,
Does "cache-credentials" option need a LDAPS connection or can we set it up
over LDAP too?
Cheers
2:33 p.m.
On Mon, Sep 21, 2015 at 06:09:08PM +0200, mathias dufresne wrote:
Hi all,
Does "cache-credentials" option need a LDAPS connection or can we set it up
over LDAP too?
Cheers
It's quite unrelated. SSSD is built so that authentication never happens
over unencrypted channel -- it's either TLS or LDAPs.
What cache_credentials does is that after the user has successfully
authenticated, SSSD takes his credentials, hashes them and stores the
hash in the cache. Then, if the server is not available, it's possible
to compare the provided credentials with the hash and log in the user in
offline mode.
3:06 p.m.
Jakub Hrozek wrote:
On Mon, Sep 21, 2015 at 06:09:08PM +0200, mathias dufresne wrote:
> Does "cache-credentials" option need a LDAPS connection or can we set it
up
> over LDAP too?
SSSD is built so that authentication never happens
over unencrypted channel -- it's either TLS or LDAPs.
And that's a good thing!
We have 2015: Since several years nobody should send passwords over clear-text
connections anymore.
Ciao, Michael.
3138
days inactive
3138
days old
sssd-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Jakub Hrozek -
mathias dufresne -
Michael Ströder