Hi all,
I'm setting up a local LDAP server with pass-through authentication to another LDAP.
I'm not clear about the encryption.

Say the case is like this. CompB is set to have LDAP authentication.
A ---> SSH ---> CompB ---> Local LDAP:389 ---> SASLAUTHD --> Global LDAP: 636

1. Password on the SSH session would be encrypted, wouldn't it?
2. How about when it goes to the local LDAP:389, would it be encrypted?

Thank you.
Fajar.

On Wednesday 15 February 2012 08:46:02 Fajar Priyanto wrote:
> Say the case is like this. CompB is set to have LDAP authentication.
> A ---> SSH ---> CompB ---> Local LDAP:389 ---> SASLAUTHD --> Global LDAP: 636
>
> 1. Password on the SSH session would be encrypted, wouldn't it?
> 2. How about when it goes to the local LDAP:389, would it be encrypted?
>

AFAIK not, it won't be encrypted. However, the only way to read that information would be to already have access to your computer (so you'd be screwed anyway).

Regards

On Feb 14, 2012, at 5:46 PM, Fajar Priyanto wrote:
> Hi all,
> I'm setting up a local LDAP server with pass-through authentication
> to another LDAP.
> I'm not clear about the encryption.
>
> Say the case is like this. CompB is set to have LDAP authentication.
> A ---> SSH ---> CompB ---> Local LDAP:389 ---> SASLAUTHD --> Global LDAP: 636
>
> 1. Password on the SSH session would be encrypted, wouldn't it?
----
ldaps (port 636) would indeed be encrypted but it is deprecated and not typically started by default configurations these days.
----
> 2. How about when it goes to the local LDAP:389, would it be encrypted?
----
Depends upon whether TLS is indicated and/or required. If you require it via an ACL on the LDAP server, then it succeeds only if the connection is made via TLS. If you require it at the client (TLS_ReqCert demand or hard), then it succeeds only if the connection is made via TLS.

Craig
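
The server-side and client-side requirements discussed in this thread, written out as configuration. This is an added example, not part of any poster's message; it assumes OpenLDAP (slapd.conf and ldap.conf) and Cyrus saslauthd, and the host names and certificate paths are placeholders.

```conf
# --- Local LDAP server: slapd.conf (assumed OpenLDAP; paths are placeholders) ---
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/ldap-local.pem
TLSCertificateKeyFile  /etc/openldap/certs/ldap-local.key

# Weak: no "security" directive and no ssf= in the ACL, so a simple bind on
# ldap://:389 without StartTLS is accepted and the password crosses in clear.
#access to attrs=userPassword
#    by self write
#    by anonymous auth
#    by * none

# Corrected: refuse simple binds below SSF 128 server-wide ...
security simple_bind=128
# ... and allow password auth and password changes only on a protected session.
access to attrs=userPassword
    by ssf=128 self write
    by ssf=128 anonymous auth
    by * none

# Caveat: these settings make the server reject an unprotected bind, but a
# client that never started TLS has already sent the password by then.
# The client on CompB therefore has to be configured as well.

# --- CompB, LDAP client library: ldap.conf (assumed OpenLDAP libldap) ---
URI          ldap://ldap-local.example.com
TLS_CACERT   /etc/openldap/certs/ca.pem
# Abort the TLS session unless the server certificate validates.
TLS_REQCERT  demand
# StartTLS itself must be requested by the application, e.g. "ldapsearch -ZZ",
# or "ssl start_tls" in a pam_ldap/nss_ldap configuration.

# --- Local LDAP host, pass-through leg: saslauthd.conf (assumed Cyrus saslauthd) ---
ldap_servers: ldaps://ldap-global.example.com:636
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/openldap/certs/ca.pem
```

To check the result, bind against port 389 with `ldapwhoami -x -ZZ -D <bind DN> -W`, then repeat without `-ZZ`: the first should succeed and the second should be refused with a "confidentiality required" error.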