Pascal Gienger wrote:

Alexey Melnikov wrote:

1). Remove extra (unused) mutex in libsasl
2). Merge my utils/pluginviewer.c changes
3). Investigate global callback updating in subsequent sasl_server_init() calls
4). Commit SQLite3 configure change. Test SQLite3 plugin.
5). Remove use of obsolete cmusasl... attributes
6). Strip trailing spaces from options during server configuration loading
7). Investigate fix for bug # 2822 (OTP does not work with prompts)
8). Review patch for bug # 3134 (Improved error reporting from auth_getpwent)
9). MacOS dlopen.c change (+ the libtool change?)
10). Merge Debian bugfixes

Is 5 really necessary?
There are quite a few people who actually use cmusaslsecretDIGEST-MD5 to store secrets via ldap. If their hash database gets stolen they can change the realm (DIGEST-MD5!) and recompute all the hashes, making the stolen hashes useless.

Addendum:
cmusaslsecretPLAIN is also useful for people doing only cleartext logins via SSL/TLS to store only hashes of the password in their sasldb ldap database.
Is the direction in which cmu sasl is heading toward the sole usage of GSSAPI/Kerberos? That would be the only reason to cut down the hash usage. "userPassword" is evil for me (stored in cleartext in a database).
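
The realm binding that the message above relies on, as an added example (not part of the original post and not Cyrus SASL's code): the RFC 2831 secret H(username:realm:passwd) lets a server verify a DIGEST-MD5 response without storing cleartext, and a secret computed for the old realm no longer verifies once the realm changes. User, realms, nonces and the helper names are constructed assumptions; how the cmusaslsecretDIGEST-MD5 attribute itself is encoded is not modelled.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(user: str, realm: str, password: str) -> bytes:
    """RFC 2831 H(username:realm:passwd): kept in place of the cleartext."""
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))

def digest_response(secret: bytes, nonce, cnonce, nc, digest_uri, qop="auth") -> str:
    """RFC 2831 response-value (qop=auth, no authzid) from the stored secret."""
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

def server_verify(db, user, realm, response, nonce, cnonce, nc, digest_uri) -> bool:
    """Server-side check using only the per-realm secret from the database."""
    secret = db.get((user, realm))
    if secret is None:
        return False
    expected = digest_response(secret, nonce, cnonce, nc, digest_uri)
    return hmac.compare_digest(expected, response)

def realm_change_demo() -> dict:
    # Constructed sample data (assumptions, not taken from the post).
    user, password = "alice", "constructed-password"
    exchange = {"nonce": "c2VydmVyLW5vbmNl", "cnonce": "Y2xpZW50LW5vbmNl",
                "nc": "00000001", "digest_uri": "imap/mail.example"}
    old_secret = stored_secret(user, "old.example", password)  # copy that leaked
    # Rebuilding for the new realm needs the password again; the hash is one-way.
    db = {(user, "new.example"): stored_secret(user, "new.example", password)}
    current = digest_response(db[(user, "new.example")], **exchange)
    stale = digest_response(old_secret, **exchange)
    return {
        "current_accepted": server_verify(db, user, "new.example", current, **exchange),
        "stale_accepted": server_verify(db, user, "new.example", stale, **exchange),
        "old_realm_known": (user, "old.example") in db,
    }

if __name__ == "__main__":
    print(realm_change_demo())
```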