On Mon, 1 Oct 2012 09:49:55 -0500 Dan White wrote: Hi Dan, [...] > This result is not due to the fact that you are using the ldap > saslauthd backend, but because you are using PLAIN and LOGIN, which > do not provide network protection. See: > > http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/mechanisms.php > > And the 'Max SSF' column. > > saslauthd requires the receipt of a plain text password for > verification. DISGEST-MD5 is not possible in this kind of set up. Thanks for the explanation. > If you can protect your subversion session with TLS, then that may > suffice. Yes, I was thinking on moving my svn conf to apahce+SSL, but I'd like to understand this and give it a try... > You could use the ldapdb auxprop plugin, instead of the saslauthd ldap > backend, to support DIGEST-MD5 and network protection. Ok, I've done so but still having some issues, before asking them there's one thing that I don't understand . When doing this conf, all user passwords in ldap must be in plain text? or only the account used for proxy authentication ? In otehr words: I'm in the process of creating a ldap subversion user and give him perms to act as other users. subversion has its passwrod in plain text ,but other ldap users also need plain text passwrods? TIA, Arnau
