Hi, IPA has really been a great Project. But, I was really concerned about the security of IPA I have been testing it on RHEL 7 Beta for some time. ldapsearch is able to fetch the details from the IPA Server without Authentication. I would appreciate if IPA team could work on securing the IPA Server as it the most critical server if installed in an infrastructure. It exposes the details of all the users/admins in the environment. There should be a user that the IPA should use to fetch the details from the IPA Servers. Without Authentication , no one should be able to fetch any information from the IPA Server.
-- Regards, Rajnesh Kumar Siwal
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
