On 01/12/11 08:26 +0100, Patrick Ben Koetter wrote:
* Carson Gaspar <carson@xxxxxxxxxx>:
On 11/30/2011 4:18 PM, Howard Chu wrote:
>>>On 30/11/11 11:16 +0100, Christian Roessner wrote:
>>>>cmusaslsecretCRAM-MD5
>>>>cmusaslsecretDIGEST-MD5 and
>>>>cmusaslsecretNTLM
>As I recall these are all plaintext-equivalents; i.e. there is no
>security benefit from using these pre-hashed values, so they've been
>deprecated already. The plugins will retrieve and use them if they're
>present, but nothing creates them.
They are _not_ plaintext equivalents. They are realm-limited, so
compromise is limited to just the set of services sharing that realm
(in many cases a single service). i.e. they don't let me use your
password to log in to gmail, or get a shell on your box.
The fact that the cyrus folks decided to deprecate these in favor of
Are they really deprecated? Because if they are its no use to document them
which is something I am working on.
p@rick
p@rick,
I know you've been working on some new manpages. I've spent a little time
adding a sasl guide to jmeeuwen's (et al) cyrus imap documentation at:
http://git.cyrusimap.org/cyrus-imapd-docs/tree/Sasl_Guide/en-US
It's mostly just a loose collection of notes at this point, but I don't
want to duplicate what you're doing if you're also working on something
similar. The focus of that guide guide will be more of an
example-and-explanatory-text, or book style, documentation.
--
Dan White
