RE: only cleartext in sasldb?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 

> -----Original Message-----
> it seems that sasldb stores all password in cleartext. Is it 
> possible to 
> use md5 or crypt as in /etc/passwd?

No, it's not. The entire point is to enable using CRAM-MD5 and other
such mechanisms which require access to the plain-text password. The
advantage of this is that you can login without TLS/SSL if you have to.

I'll admit that it can be irritating, but that file should only be
readable by the cyrus user and the password should only be used for
cyrus anyway. So it doesn't matter - if someone can get read access
to that file with permissions set correctly (owner cyrus, permissions 
set to 700), then they can get into cyrus so your system is compromised
anyway. So who cares?

Make sure that NOTHING else can access that file. Obviously you'll
need to be user cyrus or user root to change any passwords in that
file so don't use it for anything other than admin accounts (or write
a GOOD wrapper that is setuid to user cyrus around the sasldb access
programs if you have to give more people access).

Regards,
Sarah Walters
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux