[unisog] LDAP access for 3rd parties

Oscar Knight knightod at appstate.edu
Wed Feb 13 11:37:21 GMT 2008


Hello Everyone,

If you give a 3rd party access to your ldap for the purpose of 
authenticating your users then they have access to your user's raw 
password.  To me this is a serious general controls issue.

We have other methods but are getting complaints from users that want 
3rd party applications and their vendor only seems to know ldap.  In 
part I'm getting a lot of "well, site A, site B,...  are all allowing us 
  to use their ldap service".

Comments.

Thanks,
odk
-- 
Oscar D. Knight                           knightod at appstate dot edu
ITS                                                Voice: 828-262-6946
Appalachian State University, Boone, NC 28608        FAX: 828-262-2236


More information about the unisog mailing list