[Fedora-directory-users] Disable TLS/SSL security check for password changing
- First Post
- Replies
- Stats
-
Go to
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
I'm trying to configure Fedora Directory Server as a back-end to Samba
3.x and I've succeeded in doing that with just one exception.
There seems to be a security mechanism that prevents users from changing
their passwords over non-SSL/TLS connections. (and gives the following
error: "Operation requires a secure connection")
I'm assuming this can be specified somewhere on the administrative
console so instead of wasting days looking I thought this would be a
good place to ask this question :)
Bottom line, how do I disable the security check that demands TLS/SSL
connection in order to change passwords ?
Sunday, 16 July
Sun, 16 Jul
3:58 p.m.
New subject: [Fedora-directory-users] Disable TLS/SSL security check for password changing
Sævaldur Arnar Gunnarsson wrote:
Bottom line, how do I disable the security check that demands TLS/SSL
connection in order to change passwords ?
You can't, without editing the source code that is.
RFC3062 says:
4. Security Considerations
This operation is used to modify user passwords. The operation
itself does not provide any security protection to ensure integrity
and/or confidentiality of the information. Use of this operation is
strongly discouraged when privacy protections are not in place to
guarantee confidentiality and may result in the disclosure of the
password to unauthorized parties. This extension MUST be used with
confidentiality protection, such as Start TLS [RFC 2830]. The NULL
cipher suite MUST NOT be used.
There was a hack put in during development that allowed sanity to be
preserved while debugging the feature, by disabling the requirement for
SSL. You could flip that on and recompile. See here:
http://cvs.fedora.redhat.com/lxr/dirsec/source/ldapserver/ldap/servers/sl...
Jason Russler
Monday, 17 July
Mon, 17 Jul
12:26 p.m.
New subject: [Fedora-directory-users] Disable TLS/SSL security check for password changing
Are you sure it's not the LDAP client that's requiring a secure
connection? I'm pretty sure FDS will happily replace password entries
without SSL/TLS. Since I've never done this with Samba I can't help any
more than that.
Sævaldur Arnar Gunnarsson wrote:
I'm trying to configure Fedora Directory Server as a back-end to
Samba
3.x and I've succeeded in doing that with just one exception.
There seems to be a security mechanism that prevents users from changing
their passwords over non-SSL/TLS connections. (and gives the following
error: "Operation requires a secure connection")
I'm assuming this can be specified somewhere on the administrative
console so instead of wasting days looking I thought this would be a
good place to ask this question :)
Bottom line, how do I disable the security check that demands TLS/SSL
connection in order to change passwords ?
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
6490
days inactive
6491
days old
389-users@lists.fedoraproject.org
2 comments
3 participants
tags (0)
participants (3)
-
Arnar Gunnarsson -
David Boreham -
Jason Russler