
Does WindchillDS Admin account really need to be used for Apache authentication?

I have built a remote Apache Webserver in a DMZ that proxies our internal Windchill Application for external Internet users and am doing a final review of the security of the system.

I am concerned that, by default, the WindchillDS Apache Auth config files use the WindchillDS Administrator account (cn=manager) to authenticate external users against the WindchillDS LDAP repository - isn't this an unnecessary security risk, especially as the credentials are stored in clear text in the app-Windchill-Auth.conf file on the Apache server in the DMZ?

It seems to me that all Apache needs is Read Only access to the WindchillDS LDAP repository in order to authenticate users' passwords, so would it not be possible (and preferable) for the default Windchill configuration to use a lower privileged WindchillDS account rather than the Administrator account?

Or am I missing something here...

Rgds

Gary
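
An added example, not part of the original post and not PTC's own code: a small audit check that flags the two conditions raised above (an administrator bind DN and a clear-text bind password) in an Apache LDAP auth config. It assumes the file uses mod_authnz_ldap's `AuthLDAPBindDN` and `AuthLDAPBindPassword` directives; the sample config is constructed, and the admin DN list beyond `cn=manager` is an assumption.

```python
import re
import shlex

# RDNs treated as administrative. cn=manager is the account named in the post;
# "cn=directory manager" is an assumed extra entry for illustration.
ADMIN_RDNS = {"cn=manager", "cn=directory manager"}

# Constructed sample, not a real app-Windchill-Auth.conf.
SAMPLE_CONF = '''
<Location /Windchill>
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ds.example.internal:389/ou=people,o=example?uid"
  AuthLDAPBindDN "cn=Manager"
  AuthLDAPBindPassword "changeit"
  Require valid-user
</Location>
'''

def parse_directives(conf_text):
    """Map lower-cased directive name -> list of argument lists."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and <Section> open/close tags.
        if not line or line.startswith(("#", "<")):
            continue
        parts = shlex.split(line)  # honours Apache-style quoted arguments
        found.setdefault(parts[0].lower(), []).append(parts[1:])
    return found

def audit_ldap_bind(conf_text):
    """Return findings for a privileged bind DN or a clear-text bind password."""
    findings = []
    directives = parse_directives(conf_text)
    for args in directives.get("authldapbinddn", []):
        dn = args[0] if args else ""
        # Normalise the leading RDN: case-insensitive, no spaces around '='.
        first_rdn = re.sub(r"\s*=\s*", "=", dn.split(",")[0].strip().lower())
        if first_rdn in ADMIN_RDNS:
            findings.append(f"admin-bind-dn: {dn}")
    for args in directives.get("authldapbindpassword", []):
        value = args[0] if args else ""
        # Apache 2.4.5+ accepts "exec:<command>" so the secret is not in the file.
        if not value.startswith("exec:"):
            findings.append("cleartext-bind-password")  # never echo the value
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_bind(SAMPLE_CONF):
        print(finding)
```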