Bug #941
closed
LDAP Auth source password stored cleartext
Added by Jacob McCann almost 13 years ago.
Updated almost 13 years ago.
Description
When using an LDAP Auth source and specifying a username/password, the password is stored as cleartext in the DB. However, for local user auth, passwords are being stored as a hash. Please update to have LDAP Auth source passwords hashed also.
- Status changed from New to Feedback
Since we need to authenticate with it, I'm not sure if you can store it in an encrypted mode which can't be decrypted easily.
Since decryption needs a key to decrypt, and Foreman needs access to that key, anyone could simply use the key to unlock the password back to clear text.
The best way around this problem is simply to use the user credentials to authenticate to the LDAP server (hence no LDAP password and use of $login as the LDAP user).
I am using the method you suggested so this does not impact me anymore.
I'm not sure completely if I understand the reasoning for storing it as plaintext in the DB still though, but this is due to a lack of knowledge on my part. If there are limitations then so be it.
- Status changed from Feedback to Rejected
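The trade-off discussed in this thread, as an added Ruby example that is not from the ticket or from Foreman's code: a hash cannot be replayed as a bind password, an encrypted value is recoverable by whoever holds the key, and binding as the user through a `$login` DN template stores nothing. `FakeDirectory`, the DNs, the passwords and all function names are constructed stand-ins; a real deployment would bind through an LDAP client library.

```ruby
require "openssl"

# Constructed stand-in for an LDAP server: a simple bind succeeds only when
# the presented password equals the one held for that DN.
class FakeDirectory
  def initialize(entries)
    @entries = entries
  end

  def bind(dn, password)
    @entries.key?(dn) && @entries[dn] == password
  end
end

SERVICE_DN = "cn=svc-foreman,dc=example,dc=com" # constructed sample entries
DIRECTORY = FakeDirectory.new(
  SERVICE_DN => "s3rvice-pw",
  "uid=alice,ou=people,dc=example,dc=com" => "alice-pw"
)

# Option 1: keep only a hash. It cannot be replayed as the bind password.
def bind_with_stored_hash(stored_hash)
  DIRECTORY.bind(SERVICE_DN, stored_hash)
end

# Option 2: encrypt at rest (AES-256-GCM). Whoever holds key + row gets cleartext.
def seal(key, plain)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(plain) + c.final
  [iv, c.auth_tag, ct]
end

def unseal(key, row)
  iv, tag, ct = row
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = iv
  d.auth_tag = tag
  (d.update(ct) + d.final).force_encoding("UTF-8")
end

# Option 3: no stored password; bind as the user, DN built from a $login template.
def bind_as_user(template, login, password)
  return false if password.to_s.empty? # empty password would be an unauthenticated bind
  escaped = login.gsub(/[,+"\\<>;=]/) { |ch| "\\" + ch } # RFC 4514 escaping
  DIRECTORY.bind(template.sub("$login") { escaped }, password)
end
```

With option 2 the key has to live where the application can read it, so file permissions on the key and database access controls carry the protection, not the encryption itself.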