[389-users] Changelog encryption

Arpit Tolani arpittolani at gmail.com
Thu Nov 22 17:47:52 UTC 2012


Hello

On Thu, Nov 22, 2012 at 12:43 PM, Andreas Kekkou
<kekkou.andreas at cs.ucy.ac.cy> wrote:
> Hi,
>
> Is the changelog encryption option available on CentOS Directory Server 8.2?
> I have followed the instructions from
> http://directory.fedoraproject.org/wiki/Changelog_Encryption without any
> luck.
>

Not sure about CentOS DS, but this is fixed with RHDS.
http://rhn.redhat.com/errata/RHSA-2012-1041.html

<snip>
A flaw was found in the way Red Hat Directory Server handled password
changes. If an LDAP user had changed their password, and the directory
server had not been restarted since that change, an attacker able to bind
to the directory server could obtain the plain text version of that user's
password via the "unhashed#user#password" attribute. (CVE-2012-2678)

It was found that when the password for an LDAP user was changed, and audit
logging was enabled (it is disabled by default), the new password was
written to the audit log in plain text form. This update introduces a new
configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which
when set to "on" (the default option), prevents Red Hat Directory Server
from writing plain text passwords to the audit log. This option can be
configured in "/etc/dirsrv/slapd-[ID]/dse.ldif". (CVE-2012-2746)
</snip>

> Regards,
> Andreas
>



-- 
Thanks & Regards
Arpit Tolani
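
An added example, not part of the original message or of the Red Hat erratum: a small check that reads a `dse.ldif` and reports whether the audit log can still receive plain-text passwords, using the defaults the erratum states. The `nsslapd-auditlog-logging-enabled` attribute name is not on this page and is assumed to be the switch for audit logging; the sample LDIF is constructed.

```python
"""Check a dse.ldif for plain-text password exposure in the audit log."""

ENABLED = "nsslapd-auditlog-logging-enabled"           # assumption: not named on this page
HIDE_PW = "nsslapd-auditlog-logging-hide-unhashed-pw"  # parameter named in the erratum


def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: last value}}, honouring line folding."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # folded line: continue the previous one
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None              # a blank line ends the entry
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value.lower().replace(" ", ""), {})
        elif current is not None:
            current[attr] = value
    return entries


def audit_log_leaks_passwords(dse_text):
    """True when audit logging is on and unhashed passwords are not hidden."""
    cfg = parse_ldif(dse_text).get("cn=config", {})
    enabled = cfg.get(ENABLED, "off").lower() == "on"  # disabled by default
    hidden = cfg.get(HIDE_PW, "on").lower() == "on"    # "on" by default after the update
    return enabled and not hidden


# Constructed sample: audit logging on, hiding switched off, with a folded line.
SAMPLE_DSE = """\
dn: cn=config
cn: config
nsslapd-auditlog-logging-enabled: on
nsslapd-auditlog-logging-hide-unhashed
 -pw: off

dn: cn=plugins,cn=config
cn: plugins
"""

if __name__ == "__main__":
    print("audit log may contain plain-text passwords:",
          audit_log_leaks_passwords(SAMPLE_DSE))
```

The defaults applied here are the ones quoted from the erratum, so the result only holds for a server that already carries that update.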


