ldaplist -l passwd

From: ahaukin@hushmail.com
Date: Fri Sep 19 2003 - 11:43:50 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi gurus

A colleague just pointed out to me a nasty security bug in our native
LDAP setup (Solaris 8 with Netscape 4.x on the server, mix of 8 and 9
clients).

On a solaris 9 client

 ldaplist -l passwd | grep password

returns lots of entries with crypted passwords. This works even if ldaplist
is run by a non-root user. I assume this is a problem with permissions
in the directory server? Can anyone suggest a fix?

Ahau K'in
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9rJAEACgkQ7F/YCIy3rWHRRwCghooSKW1p11eKqqTmhUWIiBLmK58A
oLRh1sz7YkaphhHhNPscXmEFE7aT
=6fnC
-----END PGP SIGNATURE-----

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:09 EDT