"Fossies" - the Fresh Open Source Software Archive
Member "ldap-account-manager-7.1/docs/manual/apbs05.html" (17 Mar 2020, 2158 Bytes) of package /linux/www/ldap-account-manager-7.1.tar.bz2:
Caution: In this restricted "Fossies" environment the current HTML page may not be correctly presentated and may have some non-functional links.
You can here alternatively try to browse
the pure source code or just view
the uninterpreted raw source code. If the rendering is insufficient you may try to find and view the page on the ldap-account-manager-7.1.tar.bz2
project site itself.
If your server is chrooted and you have no access to /dev/random or
/dev/urandom this can be a security risk. LAM stores your LDAP password
encrypted in the session. LAM uses rand() to generate the key if
/dev/random and /dev/urandom are not accessible. Therefore the key can be
easily guessed. An attaker needs read access to the session file (e.g. by
another Apache instance) to exploit this.