Hi, > cmusaslsecretCRAM-MD5 > cmusaslsecretDIGEST-MD5 and > cmusaslsecretNTLM first of all thank you very much for all the answers. I decided to drop ldapdb in favor of saslauthd and use SSHA passwords in the database right now. I (or saying better: for our use case), we can force the client user to use SSL/TLS for securing the password (the whole mail). So this seems to be the compromise of having maximum security on client-to-server and server-to-server communication. It's currently done on the test setup. Are there any security aspects that would speak against such a dicision? Thanks very much Christian -- Roessner-Network-Solutions Bachelor of Science Informatik 50°34.725'N, 08°40.904'O, Nahrungsberg 81, 35390 Giessen F: +49 641 33055572, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network-solutions.com
Attachment:
signature.asc
Description: OpenPGP digital signature
