COMMAND

    Volution Manager: Directory Administrator password in cleartext

SYSTEMS AFFECTED

    Volution Manager 1.1

PROBLEM

    In Caldera International, Inc. Security Advisory CSSA-2002-024.0:

    Volution Manager stores the unencrypted Directory Administrator's
    password in the /etc/ldap/slapd.conf file.

SOLUTION

    Volution Manager stores the un-encrypted Directory Administrator's
    password in the /etc/ldap/slapd.conf file. The password line looks
    similar to this:

        rootpw <clear_text_password>

    Caldera strongly recommends that you encrypt this password, using
    the following steps:

    As the root user, run slappasswd, entering your desired password at
    the prompts (the example uses newpasswd as the new password; the
    password will not be seen as you type it).

        # slappasswd
        New password: newpasswd
        Re-enter new password: newpasswd
        {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
        #

    The output is the new, encrypted password.

    In the file /etc/ldap/slapd.conf, replace the previous rootpw line
    with a line containing the new, encrypted password so that the line
    looks similar to this:

        rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
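
    The check below is an added example, not part of Caldera's advisory:
    a shell function that reports whether each rootpw line in a
    slapd.conf-style file is still cleartext or carries a hash scheme
    such as {SSHA}. The function name audit_rootpw and its output format
    are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit rootpw lines in slapd.conf.
# Usage: audit_rootpw /etc/ldap/slapd.conf
#
# Prints one line per rootpw directive:
#   "<line number> cleartext"          value has no {SCHEME} prefix,
#                                      or uses the {CLEARTEXT} scheme
#   "<line number> hashed {SCHEME}"    value is stored under a hash scheme
# Return code: 0 = no cleartext rootpw, 1 = cleartext found, 2 = unreadable.
audit_rootpw() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        # Skip comments and indented lines; match the keyword in any
        # letter case so variants are not missed.
        $0 !~ /^[ \t#]/ && tolower($1) == "rootpw" {
            value = $2
            gsub(/^"|"$/, "", value)          # drop surrounding quotes
            if (match(value, /^[{][A-Za-z0-9-]+[}]/)) {
                scheme = toupper(substr(value, 1, RLENGTH))
                if (scheme == "{CLEARTEXT}") {
                    # slappasswd can emit this scheme; it is not a hash
                    print NR, "cleartext"; bad = 1
                } else {
                    print NR, "hashed", scheme
                }
            } else {
                print NR, "cleartext"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf"
}
```

    The function prints only line numbers and scheme names, never the
    password value, so its output can go into logs or tickets.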