Setting trustStore in script?

Cantor, Scott cantor.2 at osu.edu
Tue Aug 26 15:43:15 EDT 2014


On 8/26/14, 3:32 PM, "Patrick Steffes" <psteffes at umich.edu> wrote:
>
>As all is working well I'm just hoping to get some more information on if
>I should be able to set this value in the script or if this is working as
>expected?

Don't know, but I would point out that if you're using ldaps with Java's
native JNDI code, I believe you have a gaping hole, there's no hostname
verification performed. I discovered that a few years ago.

The best thing you can do is probably use a self-signed long-lived
certificate on LDAP servers and restrict your trust list to only that key.
With so many hostname verification bugs around, that's the best defense,
and it's the best security model overall anyway.

-- Scott
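
One way to restrict the trust list to a single server certificate for JNDI ldaps connections, as the reply recommends. This is an added example, not code from the original message: the class name `PinnedLdapSocketFactory`, the `ldap.pinned.cert` system property and the certificate path are assumptions. It does not add hostname verification; it narrows trust to one key so that no other certificate is accepted.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Usage: env.put("java.naming.ldap.factory.socket", "PinnedLdapSocketFactory");
// together with an ldaps:// provider URL in the JNDI environment.
public class PinnedLdapSocketFactory extends SocketFactory {
    // Assumed location of the LDAP server's self-signed certificate (PEM or DER).
    private static final String PINNED_CERT =
        System.getProperty("ldap.pinned.cert", "/etc/pki/ldap-server.crt");
    private static final SocketFactory DELEGATE = build();

    private static SocketFactory build() {
        try (InputStream in = new FileInputStream(PINNED_CERT)) {
            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null);                        // empty store: no default CAs
            ks.setCertificateEntry("ldap-server", cert); // the only trusted entry
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } catch (Exception e) {
            throw new ExceptionInInitializerError(e);   // fail closed if the pin cannot load
        }
    }

    // JNDI locates the factory through this static method.
    public static SocketFactory getDefault() { return new PinnedLdapSocketFactory(); }

    @Override public Socket createSocket() throws IOException { return DELEGATE.createSocket(); }
    @Override public Socket createSocket(String h, int p) throws IOException { return DELEGATE.createSocket(h, p); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return DELEGATE.createSocket(h, p, la, lp); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return DELEGATE.createSocket(a, p); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return DELEGATE.createSocket(a, p, la, lp); }
}
```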


