| << Back to previous view |
|
[QB-167] LDAP Authentication is cleartext
|
|
| Status: | Resolved |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Critical |
| Reporter: | Tom McGlynn | Assigned To: | Robin Shen |
| Resolution: | Fixed | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
LDAP Authentication should have an option to use SASL. The current implementation passes user's credentials in cleartext. This is a big security issue at my company.
|
| Comments |
| Comment by Robin Shen [ 21/Nov/06 06:23 PM ] |
|
How about using LDAP over SSL which is already supported by QuickBuild. Regards. Robin |
| Comment by Tom McGlynn [ 22/Nov/06 01:21 PM ] |
| That's a good suggestion. However, it can be difficult to get the public key. I spent a couple ot weeks trying to find the right person in IT who had any clue what I was talking about. Is there a "TLS_REQCERT never" option? If not, a SASL option would be nice. |
| Comment by Robin Shen [ 22/Nov/06 04:03 PM ] |
| Currently there is no such option. We'll investigate on this. Thanks. |