Hey, if we could encrypt the password or the file and
have jive decrypt it somehow using a key stored
somewhere else on the server, that would be great. I
know that the key has to be stored somewhere but that
would be the optimal solution for me…I know that I
could lock down the permissions, but the concern
comes from higher up the food chain than myself.
I don’t quite get it though. How would storing the decryption key somewhere else on the machine increase security vs setting the right permissions on the config file? Is this just an issue of perception?
As an aside, having to type a password every time
messenger starts up wouldn’t be terrible.
Ok, good to know.
Let me see if I understand the process…the only time that the
AD is queried is when the server is started? So if I
change my AD password today my jabber password
doesn’t change until I restart jive?
No, two types of AD queries are done:
- Every time a user needs to authenticate, a bind is done to the directory using their credentials. This doesn’t use the adminDN or password.
- When information about a user needs to be loaded or when a list of users needs to be loaded, that’s done using the adminDN and password.
Another thing that might help – you really just need the adminDN to be able to read all user records in the directory. It doesn’t need to have full admin control. So, you can create a user in LDAP that just has full read permission, which should provide better security and then use that from Jive Messenger.
Regards,
Matt