[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and non-cleartext passwords storage

To: Julien Vehent <julien@linuxwall.info>
Subject: Re: SASL and non-cleartext passwords storage
From: Howard Chu <hyc@symas.com>
Date: Sun, 18 Sep 2011 12:46:14 -0700
Cc: "Jacobus brogly.decap" <jacobusbogers@gmail.com>, Openldap technical <openldap-technical@openldap.org>
In-reply-to: <13724ee9d5b9a04dcf71b2b2627f989d@linuxwall.info>
References: <fb7bbb66233b24a6781ff4568ee8327b@linuxwall.info> <CAO+ERrCp09KGRxkmJ6g-4in_n8wgg4ZUWzx6kDEG3fOeOkDx5w@mail.gmail.com> <e33921bfcf6e63138604c89cd6c9d34d@linuxwall.info> <CAO+ERrB+=zEayPP9dYvhZKmyd4g1gGFxEqgUAbFSYDvdD8b7sw@mail.gmail.com> <13724ee9d5b9a04dcf71b2b2627f989d@linuxwall.info>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110612 Firefox/7.0a1 SeaMonkey/2.4a1

Julien Vehent wrote:

This method is nice because it avoid having an additional software in
between postfix and cyrus (pam-ldap or saslauthd). But the problem is
that ldapdb requires to use DIGEST-MD5 and therefore to store the
passwords in cleartext in the directory.

ldapdb doesn't require any such thing. DIGEST-MD5 requires plaintext. If youdon't want to store plaintext passwords, don't use DIGEST-MD5.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- SASL and non-cleartext passwords storage
  - From: Julien Vehent <julien@linuxwall.info>
- Re: SASL and non-cleartext passwords storage
  - From: Julien Vehent <julien@linuxwall.info>
- Re: SASL and non-cleartext passwords storage
  - From: Julien Vehent <julien@linuxwall.info>

Prev by Date: Re: SASL and non-cleartext passwords storage
Next by Date: Re: Rename DN ?
Index(es):
- Chronological
- Thread