Package: libpam-ldap
Version: 184-8.5
Severity: normal
Tags: security

Hi!

After installing libpam-ldap, in the default /etc/pam_ldap.conf the pam_password entry is

    pam_password crypt

This leads to password entries in the LDAP directory which contain just "{crypt}XXXX...." so that they can be easily attacked. The default should be

    pam_password exop

so that the extended LDAP password update operation is used. Passwords are then salted and hashed.

Best regards,
Robert
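
A check an administrator could run for the setting this report describes, as an added example that is not part of the bug report or of the libpam-ldap package: it reads the active pam_password value from pam_ldap.conf text and lists the DNs in an LDIF export whose userPassword carries the {crypt} prefix. The sample configuration, DNs and password values are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample inputs; none of these values come from the bug report.
SAMPLE_CONF = """\
base dc=example,dc=org
#pam_password exop
pam_password crypt
"""
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=org\n"
    "userPassword: {crypt}XXXXXXXXXXXXX\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword:: " + base64.b64encode(b"{SSHA}constructed").decode() + "\n\n"
    "dn: uid=carol,ou=people,dc=example,dc=org\n"
    "userPassword:: " + base64.b64encode(b"{CRYPT}XXXXXXXXXXXXX").decode() + "\n"
)

def pam_password_settings(conf_text):
    """Return every active (uncommented) pam_password value, in file order."""
    values = []
    for line in conf_text.splitlines():
        fields = line.split()
        # Assumption: keyword and value are matched case-insensitively.
        if len(fields) >= 2 and fields[0].lower() == "pam_password":
            values.append(fields[1].lower())
    return values

def audit_conf(conf_text):
    """'ok' if only exop is set, 'unset' if absent, else 'review'."""
    values = pam_password_settings(conf_text)
    if not values:
        return "unset"
    return "ok" if set(values) == {"exop"} else "review"

def crypt_entries(ldif_text):
    """Return the DNs whose userPassword value starts with {crypt}."""
    hits, dn = [], None
    for line in ldif_text.splitlines():
        if not line or line[0] in " #":
            continue  # blank, comment, or folded continuation line
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" is base64 in LDIF
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        if attr.lower() == "dn":
            dn = value.decode(errors="replace")
        elif attr.lower() == "userpassword" and value.lower().startswith(b"{crypt}"):
            hits.append(dn)
    return hits

if __name__ == "__main__":
    print("pam_ldap.conf:", audit_conf(SAMPLE_CONF))
    print("{crypt} entries:", crypt_entries(SAMPLE_LDIF))
```

Base64-encoded userPassword values are decoded before the prefix test, so entries exported in the "userPassword::" form are not missed.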