Pascal Gienger wrote:
> Alexey Melnikov wrote:
>> While I agree with you, the Cyrus SASL version in CVS has no way of
>> generating such attributes. The code for generating them was removed
>> a long time ago.
> Yes, but that's not a problem. The generation can be done OUTSIDE of
> Cyrus SASL v2. We are running a User Identity Database which generates
> the appropriate SASL settings for email roaming users for PLAIN and
> DIGEST-MD5. No cleartext passwords in the database.
> Generation is not necessary in the sasl library, usage is enough,
> because it is well defined how these values have to be computed (see
> my other posting).

Ok, after thinking more about this, I would like to suggest the following:
1). Use of cmusaslsecretCRAM-MD5 will be ifdefed out.
2). cmusaslsecretDIGEST-MD5 is retained, I think your use case is valid.
3). I will ifdef-out deletion of all cmusaslsecret* attributes in
saslpasswd2.
Does this work?
In the longer term I think we need to start using the authPassword attribute
with values defined for SCRAM (see
<http://tools.ietf.org/html/draft-melnikov-sasl-scram-ldap-01>) and
obsolete cmusaslsecretPLAIN.