Jakub Hrozek wrote:
On Wed, Nov 30, 2016 at 09:41:51AM -0500, Mario Rossi wrote:
> sss_obfuscate is used locally on servers to replace clear text passwords in
> sssd.conf.
This is really not an SSSD question, but a generic
deployment/configuration question, so whatever you use to push the
configs to your server, be it puppet, ansible or something similar
should work.
That said, please read the manpage of sss_obfuscate. There is really no
security benefit of using obfuscated password versus a clear text bind
password, [..]
It might be better to consider authenticating using something like
Kerberos keytabs.
Or use client certs with SASL/EXTERNAL.
Ciao, Michael.