--On Saturday, November 6, 2021 9:45 PM +0100 Dieter Klünter
<dieter@xxxxxxxxxxxx> wrote:
On Thu, 04 Nov 2021 07:46:17 +0200,
Дилян Палаузов <dilyan.palauzov@xxxxxxxxx> wrote:
Hello Patrick,
I propose you first make a working setup with sasldb-backend. This is
a local database with username@domain:password. Once it works, your
system is set up correctly and only the authentication needs to be
tweaked.
DIGEST-MD5 requires that the server stores the password in plain text.
It does work with sasldb, but e.g. with Kerberos it does not work.
You have to tell the server explicitly not to advertise DIGEST-MD5 in
such cases.
Forget about sasldb in the context of OpenLDAP.
Alternatively you may think about TOTP:
https://blog.sys4.de/totp-time-based-one-time-password-authentication-en.html
Or check out OpenLDAP 2.5+ which has an OTP module:
<https://www.openldap.org/software/man.cgi?query=slapo-otp&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html>
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
------------------------------------------
Cyrus: SASL