<< Back to previous view |
[QB-167] LDAP Authentication is cleartext
|
|
Status: | Resolved |
Project: | QuickBuild |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Critical |
Reporter: | Tom McGlynn | Assigned To: | Robin Shen |
Resolution: | Fixed | Votes: | 0 |
Remaining Estimate: | Unknown | Time Spent: | Unknown |
Original Estimate: | Unknown |
Description |
LDAP Authentication should have an option to use SASL. The current implementation passes user's credentials in cleartext. This is a big security issue at my company.
|
Comments |
Comment by Robin Shen [ 21/Nov/06 06:23 PM ] |
How about using LDAP over SSL which is already supported by QuickBuild. Regards. Robin |
Comment by Tom McGlynn [ 22/Nov/06 01:21 PM ] |
That's a good suggestion. However, it can be difficult to get the public key. I spent a couple ot weeks trying to find the right person in IT who had any clue what I was talking about. Is there a "TLS_REQCERT never" option? If not, a SASL option would be nice. |
Comment by Robin Shen [ 22/Nov/06 04:03 PM ] |
Currently there is no such option. We'll investigate on this. Thanks. |