[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL and non-cleartext passwords storage

To: Openldap technical <openldap-technical@openldap.org>
Subject: SASL and non-cleartext passwords storage
From: Julien Vehent <julien@linuxwall.info>
Date: Sun, 18 Sep 2011 12:13:59 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=linuxwall.info; h= mime-version:content-type:content-transfer-encoding:date:from:to :subject:message-id; s=lnw-dkim; bh=sufJk2R8RrLF+oxGqHyW3DahvKK4 77nhr9wuxFz6QBE=; b=RgKUYwFuQjPRObRz1FHG18dBy3INrTJZNGa0FucSk9OV xsVAvAxb6OVDr3D52sBo2Y73Mt02ZJZjDuZxsyMpDMrYJOLbKKfEoG1kQjSH/vmz fr/Oa9j0eRUyZ3z30ELhwa8yyF+ZzZSzvYGQCgrV621+QeOjtm1dWmJWNZ4w/3I=
Organization: linuxwall.info
User-agent: Linuxwall Roundcube Webmail/0.6-svn

Hi List,

I'm working on a setup where postfix and cyrus-imap do proxyauthorization against openldap (my setup is here http://1nw.eu/!cD ). Ilove this solution, it's a lot more elegant that using saslauthd. ButI'm concerned about passwords stored in cleartext, as required byDIGEST-MD5.

I know of the many ways to protect the data stored in openldap (filesystem encryption, etc...), but if somebody gets a root access,passwords will be disclosed, and I want to prevent that.

My question is: Is there a way to use hashed passwords with sasl andproxy authorization ?



Thanks,
Julien

Prev by Date: Re: Not able to run OpenLDAP in SLES11
Next by Date: Re: SASL and non-cleartext passwords storage
Index(es):
- Chronological
- Thread