On 10/13/2023 7:45 AM, Marc wrote:
>> So, I switched from ldaps to ldap, and suddenly, the synchronization
>> worked.
> Ok that is bad, because that means your SSHA is going over an unencrypted
> connection and afaik this ssha can be (easily?) brute forced with something
> like john the ripper (only tried one account of mine, so could be not as bad
> as I write)

Also: an unencrypted connection is vulnerable to man-in-the-middle attacks. A villain who is able to stage a man-in-the-middle attack could feed malicious data to your client - like, say, a user record with uid==0 and a password that the villain knows.

--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
