On Fri, 14 Jun 2002, John Dalbec wrote:
> I would like to suggest the following patch. Inspecting the code in
> ldap.c suggests that the obvious authenticator (with
> "server_condition=${lookup ldapauth...") creates an open relay since
> LDAP binds with an empty password are considered anonymous regardless of
> the username and will succeed in most configurations. Of course, this
> check can be done in the authenticator, but IMO this is an unnecessary
> configuration pitfall.
Thanks for the suggestion. I'll look at the patch in due course.
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
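The pitfall described in the quoted message, as an added example that is not part of the original thread and is not Exim or libldap code. The directory, the DNs and the function names are constructed for illustration, and `sim_simple_bind` is a stand-in that assumes a server accepting anonymous binds, as the message says most configurations do.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a directory server (assumption, not libldap).
   It models the behaviour the message describes: an empty password makes
   the bind anonymous whatever DN is supplied, and the bind succeeds. */
struct entry { const char *dn; const char *password; };
static const struct entry directory[] = {        /* constructed sample data */
    { "uid=alice,ou=people,o=example", "correct horse" },
    { "uid=bob,ou=people,o=example",   "s3cret" },
};

/* Returns 0 when the bind succeeds, -1 otherwise. */
static int sim_simple_bind(const char *dn, const char *password)
{
    if (password == NULL || password[0] == '\0')
        return 0;                                 /* anonymous bind: DN ignored */
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (dn != NULL && strcmp(directory[i].dn, dn) == 0)
            return strcmp(directory[i].password, password) == 0 ? 0 : -1;
    return -1;                                    /* unknown DN */
}

/* Authenticator that trusts the bind result alone (hypothetical name). */
int auth_bind_only(const char *dn, const char *password)
{
    return sim_simple_bind(dn, password) == 0;
}

/* Same check with the guard: an empty password never reaches the server. */
int auth_guarded(const char *dn, const char *password)
{
    if (password == NULL || password[0] == '\0')
        return 0;
    return sim_simple_bind(dn, password) == 0;
}

int main(void)
{
    const char *nobody = "uid=nobody,ou=people,o=example";
    const char *alice  = "uid=alice,ou=people,o=example";
    printf("bind only, unknown user, empty password: %d\n", auth_bind_only(nobody, ""));
    printf("guarded,   unknown user, empty password: %d\n", auth_guarded(nobody, ""));
    printf("guarded,   alice, correct password:      %d\n", auth_guarded(alice, "correct horse"));
    printf("guarded,   alice, wrong password:        %d\n", auth_guarded(alice, "wrong"));
    return 0;
}
```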