LDAP authentication method sends user password in plaintext fromat
I previously had used HASH authentication methods for local users. And I have tested, it does not send password in plaintext format during authentication. So all good.
But now I need to configure LDAP authentication method also. I have done so. So LDAP authentication indeed works.
But now I was just making sure, that passwords were not sent in plaintext format.
For that I did start packet capturing on ethernet interface:
tshark -i eth0 host 10.51.2.66 and port 5433 -w /tmp/outfile.log -c 12
In another session from another host, I tried authentication:
[[email protected] ~]$ vsql -h 10.51.2.66 -U ldap_user -w 'wrongSecretPass'
vsql: FATAL 3846: LDAP authentication failed for user "ldap_user"
I deliberately used wrong password, but regarding testing, it does not matter is it correct pass or not. The problem is that I was able to read this password in plaintext format by capturing network packets.
After I got this error, the packets were captured from the first session:
Capturing on 'eth0'
For the next step, I read this outfile with tcpdump command:
tcpdump -qns 0 -A -r /tmp/outfile.log | grep "wrongSecretPass"
reading from file /tmp/outfile.log, link-type EN10MB (Ethernet)
What must be done to make sure, that passwords are not sent in plaintext format..?