> -----Original Message-----
> It seems that sasldb stores all passwords in cleartext. Is it possible to
> use md5 or crypt as in /etc/passwd?

No, it's not. The entire point is to enable using CRAM-MD5 and other such mechanisms which require access to the plain-text password. The advantage of this is that you can log in without TLS/SSL if you have to.

I'll admit that it can be irritating, but that file should only be readable by the cyrus user and the password should only be used for cyrus anyway. So it doesn't matter - if someone can get read access to that file with permissions set correctly (owner cyrus, permissions set to 700), then they can get into cyrus so your system is compromised anyway. So who cares?

Make sure that NOTHING else can access that file. Obviously you'll need to be user cyrus or user root to change any passwords in that file, so don't use it for anything other than admin accounts (or write a GOOD wrapper that is setuid to user cyrus around the sasldb access programs if you have to give more people access).

Regards,
Sarah Walters

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html