[sork] passwd composite works - worried opened security hole

Mark Worsdall sork at worsdall.demon.co.uk
Sun Feb 19 17:16:10 PST 2006


Hi,

On this system I am using poppasswd and ldap in the composite driver 
section.

I first got poppasswd going, then got ldap going successfully, then 
combined them into the composite part.

My worry is that it worked first time, so have I done something that will 
allow any user to access the unix account, but mainly the user's ldap 
account?

// Username of the currently authenticated Horde user
$uid = Auth::getAuth();
$backends['composite'] = array(
    'name' => ' UNIX & LDAP accounts AT Shadow.',
    'preferred' => '',
    // Not really the password policy, just removed even
    // though this is on office machine and not on Internet
    'password policy' => array(),
    'driver' => 'composite',
    'params' => array('drivers' => array(
        'poppassd' => array(
            'name' => 'Poppassd Server',
            'driver' => 'poppassd',
            'required' => true,
            'params' => array(
                'host' => 'thoth.shadow.local',
                'port' => 106
            ),
        ),
        'ldap' => array(
            'name' => 'LDAP Server',
            'driver' => 'ldap',
            'required' => true,
            'params' => array(
                'host' => 'thoth.shadow.local',
                'port' => 389,
                'basedn' => 'uid=' . $uid . ',ou=account,dc=shadowrobot,dc=com',
                'realm' => 'ou=account,dc=shadowrobot,dc=com',
                'encryption' => 'crypt',
                'tls' => false
            ),
        ),
    )),
);


Oh and is the password policy truly global to both passwords if before 
each driver params?

Hate it when things go too well. It's unnerving!!

M.
-- 
Mark Worsdall
http://www.shadowrobot.com/  need a hand??

