Appendix B. Security

Table of Contents

LAM configuration passwords
Use of SSL
LDAP with SSL and TLS
Chrooted servers
Protection of your LDAP password and directory contents
Apache configuration
Sensitive directories
Use LDAP HTTP authentication for LAM

LAM configuration passwords

LAM supports a two level authorization system for its configuration. Therefore, there are two types of configuration passwords:

  • master configuration password: needed to change general settings, create/delete server profiles and self service profiles

  • server profile password: used to change the settings of a server profile (e.g. LDAP server and account types to manage)

The master configuration password can be used to reset a server profile password. Each server profile has its own profile password.

Both password types are stored as hash values in the configuration files for enhanced security.