I have a MariaDB instance which is using PAM to auth against Active Directory. Is remote authentication with this service secure? I ran a Wireshark trace during the auth process, and passwords are not sent in the clear, but how secure is the hashed password?
Asked
Active
Viewed 642 times
1 Answers
1
AFAIK PAM needs to receive the password as clear text to be able to use various backends, so either the passwords have to be send as clear text or in a revertable, not secure way.
See also: http://dev.mysql.com/doc/mysql-security-excerpt/5.5/en/pam-authentication-plugin.html
alkopedia
- 11
- 1