Hello,

I had some email contact with Patrick-Ben Koetter and we both tried to figure out some SASL configuration. We came to a point where he gave me this mailing list address and told me I could meet Dan White here.

To speak for myself, I have the following situation: a running Postfix server with Cyrus SASL (module ldapdb). The ldapdb connects to my LDAP server, which has passwords in cleartext in the userPassword attribute. This is a working setup, but as you surely guess, I do not really like cleartext passwords in the database.

Yet we could not find out if it is possible to create LDAP schema attributes like:

  cmusaslsecretCRAM-MD5
  cmusaslsecretDIGEST-MD5
  cmusaslsecretNTLM

Is there some place for the saslpasswd2.conf configuration file? Could someone please show me what this file must look like for ldapdb? In this case also interesting: does it support SASL/EXTERNAL for certificate-based authentication/authorization to the LDAP server?

If this is easy to do, my final question goes like this: Can I remove the userPassword attribute after adding the new attributes? And is a mail client (Thunderbird, Outlook, ...) still able to do _any_ kind of authentication (Postfix does allow PLAIN over TLS)? If the client would do NTLM, and there is no more cleartext password in the LDAP database, how can SASL do its job? I do not fully understand how both sides can have CRAM-MD5 or NTLM, for example, and still check passwords. I guess my understanding of SASL and the attributes seen above lacks some information ;-)

I hope I could describe my/our problem clearly enough, and I really thank you a lot in advance for any kind of help on this topic.

Best wishes
Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 33055572, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com