Hi,
Wondering about the following. Users are authenticated in our application by certificates attached to their LDAP entries. There is also a password associated but this the users never use or are even aware of; they have no means of updating it. Is not a password sitting there a risk of some sort? Should not the password attribute be removed and password access be disabled? Don't know what best practice is or what's possible. Don't see anything specific about coordinating SSL and password access in doco, it just seems to be a case of enable SSL and forget about passwords?
In other words shouldn't it be SSL setup or password setup but not both?
------------------------------
ADAM SKEGGS
------------------------------