I am using the CFLDAP tag to access information from Active Directory (AD) on our corporate intranet. Users are authenticated to our application using SPNEGO. We do not store the user's password when they authenticate, though we do capture their account name. Because we do not have the user's password information, we cannot pass it on to AD through the CFLDAP tag.
We have decided to implement an entity account to query AD with; however, we are unhappy with the idea of storing a Kerberos password in a clear text format in a .cfm file. I have explored the idea of building an LDAP CFC similar to the example in "Advanced Macromedia ColdFusion MX 7 Application Development" (pg. 704-707) and encrypting that file. However, I am still interested to know if there is a more secure way to do this. I am hoping for an implementation similar to the method of adding a database "Data Source" under the "Data & Services" section of ColdFusion administration.
Any thoughts?