Ben, I would like to use GSSAPI for my replication. Would you be willing to share how you went about it?
Thanks, Brendan On Fri, Mar 8, 2024, 1:05 PM Ben Poliakoff <[email protected]> wrote: > You definitely won't be able to use a password hash as a credential for > syncrepl. A hash is a one way function so you can't readily drive the > password from it (except via exhaustive brute force). > > To avoid storing a clear text password in your config, you'll need to use > another mechanism such as GSSAPI. That's what I use in my installations. > x509 certificates/keys might be another option. > > All of the options are more complicated that using a plain text password, > but they're also bit more secure. > > Ben > > On Fri, Mar 8, 2024, 9:43 AM <[email protected]> wrote: > >> How to configure olcSyncrepl without a plaintext password? I tried using >> credentials="{SSHA256}jRlrKRCcrhYo7SqbPDc5WkoSxaHc8y/e0DPWaAnveUkQpQ7wEOWhsw==" >> format. Does olcSyncrepl accepts password in {SSHA256} format? >> >
