5.7. Storing Security Related Information in the Directory

Sensitive data can be stored safely in a directory. Sensitive data includes, but is not limited to, passwords, certificates, private keys, and any other data that one deems sensitive and that should not be readily visible to everyone. The following discussions elaborate on this topic.

5.7.1. Passwords

The most immediate and interesting case is storing passwords in the directory service, because passwords can be used to authenticate oneself to the directory before data can be accessed. Access to the userPassword attribute (like all other data in the directory) is governed by access control that the directory server provides and enforces.

By default, transmission of data between the directory ...
