[sork] passwd composite works - worried opened security hole
Mark Worsdall
sork at worsdall.demon.co.uk
Sun Feb 19 17:16:10 PST 2006
Hi,
On this system I am using poppassd and LDAP in the composite driver
section.
I first got poppassd going, then got LDAP going successfully, then
combined them into the composite part.
My worry is that it worked the first time, and so have I done something
that will allow any user to access the Unix account, but mainly the
user's LDAP account?
// Username of the currently authenticated Horde user
$uid = Auth::getAuth();

$backends['composite'] = array(
    'name' => ' UNIX & LDAP accounts AT Shadow.',
    'preferred' => '',
    // Not really the password policy, just removed even
    // though this is on office machine and not on Internet
    'password policy' => array(),
    'driver' => 'composite',
    'params' => array('drivers' => array(
        'poppassd' => array(
            'name' => 'Poppassd Server',
            'driver' => 'poppassd',
            'required' => true,
            'params' => array(
                'host' => 'thoth.shadow.local',
                'port' => 106
            ),
        ),
        'ldap' => array(
            'name' => 'LDAP Server',
            'driver' => 'ldap',
            'required' => true,
            'params' => array(
                'host' => 'thoth.shadow.local',
                'port' => 389,
                'basedn' => 'uid=' . $uid . ',ou=account,dc=shadowrobot,dc=com',
                'realm' => 'ou=account,dc=shadowrobot,dc=com',
                'encryption' => 'crypt',
                // Plain LDAP on port 389, no TLS
                'tls' => false
            ),
        ),
    )),
);
Oh, and is the password policy truly global to both passwords if before
each driver's params?
Hate it when things go too well. It's unnerving!!
M.
--
Mark Worsdall
http://www.shadowrobot.com/ need a hand??