Re: how to enable digestmd5 and crammd5 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote:
> Goetz Babin-Ebell wrote:
> > JOYDEEP schrieb:
> > >> Roberto R. Morelli wrote:
> > Hello Joydeep,
> > >>> Then we have the cyrus sasl modules installed:
> > >>>
> > >>> cyrus-sasl-md5-2.1.22-4
> > >>> cyrus-sasl-2.1.22-4
> > >>> cyrus-sasl-lib-2.1.22-4
> > >>> cyrus-sasl-plain-2.1.22-4
> > >> But I have come to know that digest-md5 and cram-md5 need sasldb. so
> > >> here I can't use it as my users and passwords are stored in LDAP.
> > >> any idea ?
> > The problem is that cram-md5 and digest-md5 need direct access to the
> > pass phrase in plain text.
> > AFAIK LDAP doesn't support this.
> > You have to use TLS if you want to transmit the pass phrase securely...
> 
> Thanks Goetz,
> 
> I am already running SSL aka imaps. but still was interested about
> cram-md5 and digest-md5 for secured authorization.

1. have to store plaintext passwords in ldap directory.
2. ACL on ldap directory must be configured for open access to
userPassword field for read, not only for auth.
3. cyrus imapd must use saslauthd for authentication.
4. saslauthd must have access to users passwords in ldap and must have
configured ldapdb_mech option.

For details see cyrus-sasl2 documentation -- options.html.

WBR.
Dmitriy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux