LDAP and passwords

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jul 31 15:20:41 UTC 2009


2009/7/30 Darryl Moore <darryl-90a536wCiRb3fQ9qLvQP4Q at public.gmane.org>

> William Muriithi wrote:
> >
> > Do you mind describing your setup a little?  Use evolutions as an
> > example and take us through the authentication process.
> >
> >
> There should be some way to either get all the clients to access a
> single local cache for the password (something like KDE wallet perhaps)
> or make the password change utility update the various local client
> configurations immediately.

Okay, I get it now. Unfortunately, I do not see any other solution short of
using Kerberos.

I could be wrong here, but Keychain, KDE wallet, v-GO SSO and others all
work by saving all those passwords under a master password. If, however, any
of the passwords change in the back end, authentication fails and these
applications pop up, ask for the master password and then force you to
change the problematic password. This is actually the position you are in
currently, only that you do not have one wrapper application for the whole

> Is this a problem any of those other unmentionable operating systems
> have or not.

Actually, it's not entirely an OS problem. I would call it an application
problem. The operating system never caches the password; you have to type it
fresh every time. OK, Windows does allow that in some configurations, but
then that does not mean it's prudent security-wise.

> Chris Browne, said in another post that Apple has this worked out. I'm
> surprised we don't have anything in the Linux world yet.

Again, I have helped someone set up Cyberduck on a Mac and we ended up using
Keychain. The process felt more like KDE wallet, as Keychain never requested
any information that would enable it to co-ordinate with the FTP password
change. Maybe I am wrong here and it's possible to use Keychain in a more
complicated setup. May google on it someday, or hopefully someone here will
share the technical details of how it works.



> cheers,
> darryl
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists