Patchwork [05/11] Deprecate the --bindpw command line option

login
register
mail settings
Submitter Chuck Lever
Date Oct. 19, 2012, 9:08 p.m.
Message ID <20121019210819.53119.30100.stgit@seurat.1015granger.net>
Download mbox | patch
Permalink /patch/192810/
State Accepted
Headers show

Comments

Chuck Lever - Oct. 19, 2012, 9:08 p.m.
Secure Coding Practice requires that clear-text passwords are never
allowed to be specified on the command line.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

 doc/man/nsdb-annotate.8      |   19 ++++++-------------
 doc/man/nsdb-create-fsl.8    |   19 ++++++-------------
 doc/man/nsdb-create-fsn.8    |   19 ++++++-------------
 doc/man/nsdb-delete-fsl.8    |   19 ++++++-------------
 doc/man/nsdb-delete-fsn.8    |   19 ++++++-------------
 doc/man/nsdb-delete-nsdb.8   |   19 ++++++-------------
 doc/man/nsdb-describe.8      |   19 ++++++-------------
 doc/man/nsdb-remove-nci.8    |   19 ++++++-------------
 doc/man/nsdb-update-fsl.8    |   19 ++++++-------------
 doc/man/nsdb-update-nci.8    |   19 ++++++-------------
 src/nsdbc/nsdb-annotate.c    |   14 ++++----------
 src/nsdbc/nsdb-create-fsl.c  |   14 ++++----------
 src/nsdbc/nsdb-create-fsn.c  |   14 ++++----------
 src/nsdbc/nsdb-delete-fsl.c  |   14 ++++----------
 src/nsdbc/nsdb-delete-fsn.c  |   14 ++++----------
 src/nsdbc/nsdb-delete-nsdb.c |   14 ++++----------
 src/nsdbc/nsdb-describe.c    |   14 ++++----------
 src/nsdbc/nsdb-remove-nci.c  |   14 ++++----------
 src/nsdbc/nsdb-update-fsl.c  |   14 ++++----------
 src/nsdbc/nsdb-update-nci.c  |   14 ++++----------
 20 files changed, 100 insertions(+), 230 deletions(-)

Patch

diff --git a/doc/man/nsdb-annotate.8 b/doc/man/nsdb-annotate.8
index 31ca9da..ba037a5 100644
--- a/doc/man/nsdb-annotate.8
+++ b/doc/man/nsdb-annotate.8
@@ -39,8 +39,6 @@  nsdb-annotate \- modify the fedfsAnnotation attribute of a FedFS NSDB record
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .RB [ \-v
 .IR value ]
 .I distinguished-name
@@ -204,17 +202,6 @@  option is specified and this string exists as a value of the target record's
 .B fedfsAnnotation
 attribute, it is removed.
 Otherwise the value is added.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-annotate (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .IP "\fB\-y, \-\-delete\fP"
 Specifies that the specified value string is deleted rather than added.
 .SH EXIT CODES
@@ -349,6 +336,12 @@  The
 .BR nsdb-annotate (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-annotate (8)
+command asks for a bind password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-create-fsl.8 b/doc/man/nsdb-create-fsl.8
index bab397e..c00ca1d 100644
--- a/doc/man/nsdb-create-fsl.8
+++ b/doc/man/nsdb-create-fsl.8
@@ -39,8 +39,6 @@  nsdb-create-fsl \- create a fileset location (FSL) record on an NSDB
 .IR serverport ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .I fsn-uuid
 .I fsl-uuid
 .I servername
@@ -168,17 +166,6 @@  The default value if the variable is not set is 389.
 Specifies the IP port of the file server a client should mount to access
 this fileset location.
 The default value if this option is not specified is 2049.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-create-fsl (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .SH EXIT CODES
 The NSDB returns a value that reflects the success of the requested operation.
 .TP
@@ -337,6 +324,12 @@  The
 .BR nsdb-create-fsl (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-create-fsl (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-create-fsn.8 b/doc/man/nsdb-create-fsn.8
index e4fb8d8..50d0785 100644
--- a/doc/man/nsdb-create-fsn.8
+++ b/doc/man/nsdb-create-fsn.8
@@ -37,8 +37,6 @@  nsdb-create-fsn \- create a fileset name (FSN) record on an NSDB
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .I fsn-uuid
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
@@ -148,17 +146,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-create-fsn (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .SH EXIT CODES
 The NSDB returns a value that reflects the success of the requested operation.
 .TP
@@ -301,6 +288,12 @@  The
 .BR nsdb-create-fsn (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-create-fsn (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-delete-fsl.8 b/doc/man/nsdb-delete-fsl.8
index 11a7921..2cb22bc 100644
--- a/doc/man/nsdb-delete-fsl.8
+++ b/doc/man/nsdb-delete-fsl.8
@@ -37,8 +37,6 @@  nsdb-delete-fsl \- delete a fileset location (FSL) record from an NSDB
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .I fsl-uuid
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
@@ -152,17 +150,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-delete-fsl (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .SH EXIT CODES
 The NSDB returns a value that reflects the success of the requested operation.
 .TP
@@ -308,6 +295,12 @@  The
 .BR nsdb-delete-fsl (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-delete-fsl (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-delete-fsn.8 b/doc/man/nsdb-delete-fsn.8
index 0526d43..dd2dd29 100644
--- a/doc/man/nsdb-delete-fsn.8
+++ b/doc/man/nsdb-delete-fsn.8
@@ -37,8 +37,6 @@  nsdb-delete-fsn \- delete a fileset name (FSN) record from an NSDB
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .I fsn-uuid
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
@@ -154,17 +152,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to th LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-delete-fsn (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .IP "\fB-y, \-\-leavefsn\fP"
 Specifies that the specified FSN record should remain,
 but all FSL records associated with the specified FSN record should be deleted.
@@ -299,6 +286,12 @@  The
 .BR nsdb-delete-fsn (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-delete-fsn (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-delete-nsdb.8 b/doc/man/nsdb-delete-nsdb.8
index f72760f..2e3bc28 100644
--- a/doc/man/nsdb-delete-nsdb.8
+++ b/doc/man/nsdb-delete-nsdb.8
@@ -35,8 +35,6 @@  nsdb-delete-nsdb \- remove all FedFS info from an NSDB
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .IR nce
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
@@ -122,17 +120,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to th LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-delete-nsdb (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .SH EXIT CODES
 The NSDB returns a value that reflects the success of the requested operation.
 .TP
@@ -243,6 +230,12 @@  must be used to modify LDAP entries.
 The
 .BR nsdb-delete-nsdb (8)
 command must bind as such an entity to perform this operation.
+The
+.BR nsdb-delete-nsdb (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-describe.8 b/doc/man/nsdb-describe.8
index 59ca626..17fa162 100644
--- a/doc/man/nsdb-describe.8
+++ b/doc/man/nsdb-describe.8
@@ -37,8 +37,6 @@  nsdb-describe \- modify the fedfsDescr attribute of a FedFS NSDB record
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .I distinguished-name
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
@@ -149,17 +147,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-describe (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .IP "\fB\-y, \-\-delete\fP"
 Specifies that the specified value string is deleted rather than added.
 .SH EXIT CODES
@@ -294,6 +281,12 @@  The
 .BR nsdb-describe (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-describe (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-remove-nci.8 b/doc/man/nsdb-remove-nci.8
index bebb027..2e93992 100644
--- a/doc/man/nsdb-remove-nci.8
+++ b/doc/man/nsdb-remove-nci.8
@@ -37,8 +37,6 @@  nsdb-remove-nci \- remove NSDB container information from an LDAP server
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
 FedFS is an extensible standardized mechanism
@@ -145,17 +143,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-remove-nci (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .SH EXIT CODES
 The NSDB returns a value that reflects the success of the requested operation.
 .TP
@@ -263,6 +250,12 @@  must be used to modify LDAP entries.
 The
 .BR nsdb-remove-nci (8)
 command must bind as such an entity to perform this operation.
+The
+.BR nsdb-remove-nci (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-update-fsl.8 b/doc/man/nsdb-update-fsl.8
index 0df2d8b..85cf6b3 100644
--- a/doc/man/nsdb-update-fsl.8
+++ b/doc/man/nsdb-update-fsl.8
@@ -37,8 +37,6 @@  nsdb-update-fsl \- update attributes of a fileset location (FSL) record
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .RB [ \-v
 .IR value ]
 .I fsl-uuid
@@ -171,17 +169,6 @@  If the
 option is not specified, the
 .BR nsdb-update-fsl (8)
 command attempts to delete the specified attribute.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-update-fsl (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .SH EXIT CODES
 The NSDB returns a value that reflects the success of the requested operation.
 .TP
@@ -330,6 +317,12 @@  The
 .BR nsdb-update-fsl (8)
 command must bind as an entity permitted to modify the DIT
 to perform this operation.
+The
+.BR nsdb-update-fsl (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/doc/man/nsdb-update-nci.8 b/doc/man/nsdb-update-nci.8
index 8149960..eb61972 100644
--- a/doc/man/nsdb-update-nci.8
+++ b/doc/man/nsdb-update-nci.8
@@ -37,8 +37,6 @@  nsdb-update-nci \- update NSDB container information on an LDAP server
 .IR nsdbname ]
 .RB [ \-r
 .IR nsdbport ]
-.RB [ \-w
-.IR bindpw ]
 .SH INTRODUCTION
 RFC 5716 introduces the Federated File System (FedFS, for short).
 FedFS is an extensible standardized mechanism
@@ -145,17 +143,6 @@  If the
 option is not specified,
 the value of the FEDFS_NSDB_PORT environment variable is consulted.
 The default value if the variable is not set is 389.
-.IP "\fB\-w, \-\-bindpw=\fIbinddn-password\fP"
-Specifies the password used for simple authentication to the LDAP server
-where the NSDB resides.
-If the
-.B \-\-bindpw
-option is not specified, the
-.BR nsdb-update-nci (8)
-command asks for a password on
-.IR stdin .
-Standard password blanking techniques are used
-to obscure the password on the user's terminal.
 .IP "\fB\-y, \-\-delete\fP"
 Specifies that NSDB Container Information for this NCE
 should be removed from this LDAP server.
@@ -303,6 +290,12 @@  LDAP naming contexts are typically writable only by administrative entities.
 The
 .BR nsdb-update-nci (8)
 command must bind as an administrative entity to perform this operation.
+The
+.BR nsdb-update-nci (8)
+command asks for a password on
+.IR stdin .
+Standard password blanking techniques are used
+to obscure the password on the user's terminal.
 .P
 The target LDAP server must be registered in the local NSDB connection
 parameter database.
diff --git a/src/nsdbc/nsdb-annotate.c b/src/nsdbc/nsdb-annotate.c
index 234e99a..2d3acec 100644
--- a/src/nsdbc/nsdb-annotate.c
+++ b/src/nsdbc/nsdb-annotate.c
@@ -48,7 +48,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_annotate_opts[] = "?adD:k:l:r:v:w:y";
+static const char nsdb_annotate_opts[] = "?adD:k:l:r:v:y";
 
 /**
  * Long form command line options
@@ -62,7 +62,6 @@  static const struct option nsdb_annotate_longopts[] = {
 	{ "keyword", 1, NULL, 'k', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ "value", 1, NULL, 'v', },
 	{ NULL, 0, NULL, 0, },
 };
@@ -76,7 +75,7 @@  static void
 nsdb_annotate_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -a annotation ] "
 			"[ -k keyword ] [ -v value ] [ -y ] "
 			"distinguished-name\n\n",
@@ -90,7 +89,6 @@  nsdb_annotate_usage(const char *progname)
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
 	fprintf(stderr, "\t-v, --value          Annotation value\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 	fprintf(stderr, "\t-y, --delete         Delete specified annotation\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
@@ -108,7 +106,7 @@  nsdb_annotate_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	char *keyword, *value, *entry, *annotation;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
@@ -137,7 +135,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, NULL);
 
 	delete = false;
@@ -170,9 +167,6 @@  main(int argc, char **argv)
 		case 'v':
 			value = optarg;
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		case 'y':
 			delete = true;
 			break;
@@ -255,7 +249,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-create-fsl.c b/src/nsdbc/nsdb-create-fsl.c
index a76277c..392e4b0 100644
--- a/src/nsdbc/nsdb-create-fsl.c
+++ b/src/nsdbc/nsdb-create-fsl.c
@@ -50,7 +50,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_create_fsl_opts[] = "?dD:e:l:o:r:w:";
+static const char nsdb_create_fsl_opts[] = "?dD:e:l:o:r:";
 
 /**
  * Long form command line options
@@ -63,7 +63,6 @@  static const struct option nsdb_create_fsl_longopts[] = {
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
 	{ "serverport", 1, NULL, 'o', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -76,7 +75,7 @@  static void
 nsdb_create_fsl_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -e nce ] "
 			"[ -o serverport ] "
 			"fsn-uuid fsl-uuid servername serverpath\n\n",
@@ -89,7 +88,6 @@  nsdb_create_fsl_usage(const char *progname)
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
 	fprintf(stderr, "\t-o, --serverport     File server port to set\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
 
@@ -107,7 +105,7 @@  int
 main(int argc, char **argv)
 {
 	char *nce, *fsn_uuid, *fsl_uuid, *servername, *serverpath;
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	unsigned short nsdbport, serverport;
 	struct fedfs_fsl *fsl;
 	unsigned int ldap_err;
@@ -135,7 +133,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 
 	serverport = 0;
@@ -168,9 +165,6 @@  main(int argc, char **argv)
 				nsdb_create_fsl_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		default:
 			fprintf(stderr, "Invalid command line "
 				"argument: %c\n", (char)arg);
@@ -253,7 +247,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-create-fsn.c b/src/nsdbc/nsdb-create-fsn.c
index 402be08..2804d6d 100644
--- a/src/nsdbc/nsdb-create-fsn.c
+++ b/src/nsdbc/nsdb-create-fsn.c
@@ -50,7 +50,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_create_fsn_opts[] = "?dD:e:l:r:w:";
+static const char nsdb_create_fsn_opts[] = "?dD:e:l:r:";
 
 /**
  * Long form command line options
@@ -62,7 +62,6 @@  static const struct option nsdb_create_fsn_longopts[] = {
 	{ "nce", 1, NULL, 'e', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -75,7 +74,7 @@  static void
 nsdb_create_fsn_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -e nce ] "
 			"fsn-uuid\n\n",
 			progname);
@@ -86,7 +85,6 @@  nsdb_create_fsn_usage(const char *progname)
 	fprintf(stderr, "\t-e, --nce            DN of NSDB container entry\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
 
@@ -103,7 +101,7 @@  nsdb_create_fsn_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
 	char *nce, *fsn_uuid;
@@ -131,7 +129,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 
 	while ((arg = getopt_long(argc, argv, nsdb_create_fsn_opts,
@@ -156,9 +153,6 @@  main(int argc, char **argv)
 				nsdb_create_fsn_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		default:
 			fprintf(stderr, "Invalid command line "
 				"argument: %c\n", (char)arg);
@@ -213,7 +207,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-delete-fsl.c b/src/nsdbc/nsdb-delete-fsl.c
index 74f555a..9dc48aa 100644
--- a/src/nsdbc/nsdb-delete-fsl.c
+++ b/src/nsdbc/nsdb-delete-fsl.c
@@ -54,7 +54,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_delete_fsl_opts[] = "?dD:e:l:r:w:";
+static const char nsdb_delete_fsl_opts[] = "?dD:e:l:r:";
 
 /**
  * Long form command line options
@@ -66,7 +66,6 @@  static const struct option nsdb_delete_fsl_longopts[] = {
 	{ "nce", 1, NULL, 'e', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -79,7 +78,7 @@  static void
 nsdb_delete_fsl_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -e nce ] "
 			"fsl-uuid\n\n",
 			progname);
@@ -90,7 +89,6 @@  nsdb_delete_fsl_usage(const char *progname)
 	fprintf(stderr, "\t-e, --nce            DN of NSDB container entry\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
 
@@ -107,7 +105,7 @@  nsdb_delete_fsl_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	char *nce, *fsl_uuid;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
@@ -135,7 +133,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 
 	while ((arg = getopt_long(argc, argv, nsdb_delete_fsl_opts,
@@ -160,9 +157,6 @@  main(int argc, char **argv)
 				nsdb_delete_fsl_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		default:
 			fprintf(stderr, "Invalid command line "
 				"argument: %c\n", (char)arg);
@@ -217,7 +211,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-delete-fsn.c b/src/nsdbc/nsdb-delete-fsn.c
index 15988d5..3efaeb8 100644
--- a/src/nsdbc/nsdb-delete-fsn.c
+++ b/src/nsdbc/nsdb-delete-fsn.c
@@ -50,7 +50,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_delete_fsn_opts[] = "?dD:e:l:r:w:y";
+static const char nsdb_delete_fsn_opts[] = "?dD:e:l:r:y";
 
 /**
  * Long form command line options
@@ -63,7 +63,6 @@  static const struct option nsdb_delete_fsn_longopts[] = {
 	{ "nce", 1, NULL, 'e', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -76,7 +75,7 @@  static void
 nsdb_delete_fsn_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -e nce ] [-y] "
 			"fsn-uuid\n\n", progname);
 
@@ -86,7 +85,6 @@  nsdb_delete_fsn_usage(const char *progname)
 	fprintf(stderr, "\t-e, --nce            DN of NSDB container entry\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 	fprintf(stderr, "\t-y, --leavefsn       Delete FSLs but leave FSN\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
@@ -104,7 +102,7 @@  nsdb_delete_fsn_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
 	char *nce, *fsn_uuid;
@@ -133,7 +131,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 
 	leave_fsn = false;
@@ -159,9 +156,6 @@  main(int argc, char **argv)
 				nsdb_delete_fsn_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		case 'y':
 			leave_fsn = true;
 			break;
@@ -219,7 +213,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-delete-nsdb.c b/src/nsdbc/nsdb-delete-nsdb.c
index 691c4ee..88b811b 100644
--- a/src/nsdbc/nsdb-delete-nsdb.c
+++ b/src/nsdbc/nsdb-delete-nsdb.c
@@ -46,7 +46,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_delete_nsdb_opts[] = "?dD:l:r:w:";
+static const char nsdb_delete_nsdb_opts[] = "?dD:l:r:";
 
 /**
  * Long form command line options
@@ -57,7 +57,6 @@  static const struct option nsdb_delete_nsdb_longopts[] = {
 	{ "help", 0, NULL, '?', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -70,7 +69,7 @@  static void
 nsdb_delete_nsdb_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] nce\n\n",
 			progname);
 
@@ -79,7 +78,6 @@  nsdb_delete_nsdb_usage(const char *progname)
 	fprintf(stderr, "\t-D, --binddn         Bind DN\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
 
@@ -96,7 +94,7 @@  nsdb_delete_nsdb_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
 	FedFsStatus retval;
@@ -124,7 +122,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, NULL);
 
 	while ((arg = getopt_long(argc, argv, nsdb_delete_nsdb_opts,
@@ -146,9 +143,6 @@  main(int argc, char **argv)
 				nsdb_delete_nsdb_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		default:
 			fprintf(stderr, "Invalid command line "
 				"argument: %c\n", (char)arg);
@@ -192,7 +186,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-describe.c b/src/nsdbc/nsdb-describe.c
index 127ff45..f90cb2a 100644
--- a/src/nsdbc/nsdb-describe.c
+++ b/src/nsdbc/nsdb-describe.c
@@ -48,7 +48,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_describe_opts[] = "?a:dD:l:r:w:y";
+static const char nsdb_describe_opts[] = "?a:dD:l:r:y";
 
 /**
  * Long form command line options
@@ -61,7 +61,6 @@  static const struct option nsdb_describe_longopts[] = {
 	{ "help", 0, NULL, '?', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -74,7 +73,7 @@  static void
 nsdb_describe_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -a description] "
 			"distinguished-name [-y]\n\n",
 			progname);
@@ -85,7 +84,6 @@  nsdb_describe_usage(const char *progname)
 	fprintf(stderr, "\t-D, --binddn         Bind DN\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 	fprintf(stderr, "\t-y, --delete         Delete specified description\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
@@ -103,7 +101,7 @@  nsdb_describe_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	char *description, *entry;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
@@ -132,7 +130,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, NULL);
 
 	delete = false;
@@ -159,9 +156,6 @@  main(int argc, char **argv)
 				nsdb_describe_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		case 'y':
 			delete = true;
 			break;
@@ -212,7 +206,7 @@  main(int argc, char **argv)
 		goto out_free;
 	}
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-remove-nci.c b/src/nsdbc/nsdb-remove-nci.c
index b6d22c1..76d2e8b 100644
--- a/src/nsdbc/nsdb-remove-nci.c
+++ b/src/nsdbc/nsdb-remove-nci.c
@@ -46,7 +46,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_remove_nci_opts[] = "?dD:e:l:r:w:";
+static const char nsdb_remove_nci_opts[] = "?dD:e:l:r:";
 
 /**
  * Long form command line options
@@ -58,7 +58,6 @@  static const struct option nsdb_remove_nci_longopts[] = {
 	{ "nce", 1, NULL, 'e', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -71,7 +70,7 @@  static void
 nsdb_remove_nci_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -e nce ]\n\n",
 			progname);
 
@@ -81,7 +80,6 @@  nsdb_remove_nci_usage(const char *progname)
 	fprintf(stderr, "\t-e, --nce            DN of NSDB container entry to remove\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
 
@@ -98,7 +96,7 @@  nsdb_remove_nci_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
 	FedFsStatus retval;
@@ -126,7 +124,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 	if (nce == NULL)
 		nce = NSDB_DEFAULT_NCE;
@@ -153,9 +150,6 @@  main(int argc, char **argv)
 				nsdb_remove_nci_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		default:
 			fprintf(stderr, "Invalid command line "
 				"argument: %c\n", (char)arg);
@@ -189,7 +183,7 @@  main(int argc, char **argv)
 
 	if (binddn == NULL)
 		binddn = (char *)nsdb_default_binddn(host);
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-update-fsl.c b/src/nsdbc/nsdb-update-fsl.c
index abef5df..413e8b9 100644
--- a/src/nsdbc/nsdb-update-fsl.c
+++ b/src/nsdbc/nsdb-update-fsl.c
@@ -54,7 +54,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_update_fsl_opts[] = "?dD:e:l:r:v:w:";
+static const char nsdb_update_fsl_opts[] = "?dD:e:l:r:v:";
 
 /**
  * Long form command line options
@@ -66,7 +66,6 @@  static const struct option nsdb_update_fsl_longopts[] = {
 	{ "nce", 1, NULL, 'e', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ "value", 1, NULL, 'v', },
 	{ NULL, 0, NULL, 0, },
 };
@@ -80,7 +79,7 @@  static void
 nsdb_update_fsl_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] [ -e nce ] [ -v value ] "
 			"fsl-uuid attribute\n\n",
 			progname);
@@ -92,7 +91,6 @@  nsdb_update_fsl_usage(const char *progname)
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
 	fprintf(stderr, "\t-v, --value          New attribute value\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
 
@@ -109,7 +107,7 @@  nsdb_update_fsl_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname;
+	char *progname, *binddn, *nsdbname;
 	char *nce, *fsl_uuid, *attribute, *value;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
@@ -137,7 +135,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 
 	value = NULL;
@@ -163,9 +160,6 @@  main(int argc, char **argv)
 				nsdb_update_fsl_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		case 'v':
 			value = optarg;
 			break;
@@ -228,7 +222,7 @@  main(int argc, char **argv)
 	if (nce == NULL)
 		nce = (char *)nsdb_default_nce(host);
 
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;
diff --git a/src/nsdbc/nsdb-update-nci.c b/src/nsdbc/nsdb-update-nci.c
index c490c76..50ffdb0 100644
--- a/src/nsdbc/nsdb-update-nci.c
+++ b/src/nsdbc/nsdb-update-nci.c
@@ -47,7 +47,7 @@ 
 /**
  * Short form command line options
  */
-static const char nsdb_update_nci_opts[] = "?dD:e:l:qr:w:y";
+static const char nsdb_update_nci_opts[] = "?dD:e:l:qr:y";
 
 /**
  * Long form command line options
@@ -60,7 +60,6 @@  static const struct option nsdb_update_nci_longopts[] = {
 	{ "nce", 1, NULL, 'e', },
 	{ "nsdbname", 1, NULL, 'l', },
 	{ "nsdbport", 1, NULL, 'r', },
-	{ "bindpw", 1, NULL, 'w', },
 	{ NULL, 0, NULL, 0, },
 };
 
@@ -73,7 +72,7 @@  static void
 nsdb_update_nci_usage(const char *progname)
 {
 	fprintf(stderr, "\n%s version " VERSION "\n", progname);
-	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] [ -w bindpw ] "
+	fprintf(stderr, "Usage: %s [ -d ] [ -D binddn ] "
 			"[ -l nsdbname ] [ -r nsdbport ] "
 			"[ -e entry ] [-y]\n\n",
 			progname);
@@ -84,7 +83,6 @@  nsdb_update_nci_usage(const char *progname)
 	fprintf(stderr, "\t-e, --nce            Full DN of NCE\n");
 	fprintf(stderr, "\t-l, --nsdbname       NSDB hostname\n");
 	fprintf(stderr, "\t-r, --nsdbport       NSDB port\n");
-	fprintf(stderr, "\t-w, --bindpw         Bind password\n");
 	fprintf(stderr, "\t-y, --delete         Delete NSDB container info\n");
 
 	fprintf(stderr, "%s", fedfs_gpl_boilerplate);
@@ -102,7 +100,7 @@  nsdb_update_nci_usage(const char *progname)
 int
 main(int argc, char **argv)
 {
-	char *progname, *binddn, *bindpw, *nsdbname, *nce;
+	char *progname, *binddn, *nsdbname, *nce;
 	unsigned short nsdbport;
 	unsigned int ldap_err;
 	FedFsStatus retval;
@@ -130,7 +128,6 @@  main(int argc, char **argv)
 	xlog_syslog(0);
 	xlog_open(progname);
 
-	bindpw = NULL;
 	nsdb_env(&nsdbname, &nsdbport, &binddn, &nce);
 	if (nce == NULL)
 		nce = NSDB_DEFAULT_NCE;
@@ -158,9 +155,6 @@  main(int argc, char **argv)
 				nsdb_update_nci_usage(progname);
 			}
 			break;
-		case 'w':
-			bindpw = optarg;
-			break;
 		case 'y':
 			delete = true;
 			break;
@@ -197,7 +191,7 @@  main(int argc, char **argv)
 
 	if (binddn == NULL)
 		binddn = (char *)nsdb_default_binddn(host);
-	retval = nsdb_open_nsdb(host, binddn, bindpw, &ldap_err);
+	retval = nsdb_open_nsdb(host, binddn, NULL, &ldap_err);
 	switch (retval) {
 	case FEDFS_OK:
 		break;