Dmitriy Kirhlarov wrote:
> On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote:
>
>> Goetz Babin-Ebell wrote:
>>
>>> JOYDEEP schrieb:
>>>
>>>>> Roberto R. Morelli wrote:
>>>>>
>>> Hello Joydeep,
>>>
>>>>>> Then we have the cyrus sasl modules installed:
>>>>>>
>>>>>> cyrus-sasl-md5-2.1.22-4
>>>>>> cyrus-sasl-2.1.22-4
>>>>>> cyrus-sasl-lib-2.1.22-4
>>>>>> cyrus-sasl-plain-2.1.22-4
>>>>>>
>>>>> But I have come to know that digest-md5 and cram-md5 need sasldb. so
>>>>> here I can't use it as my users and passwords are stored in LDAP.
>>>>> any idea ?
>>>>>
>>> The problem is that cram-md5 and digest-md5 need direct access to the
>>> pass phrase in plain text.
>>> AFAIK LDAP doesn't support this.
>>> You have to use TLS if you want to transmit the pass phrase securely...
>>>
>> Thanks Goetz,
>>
>> I am already running SSL aka imaps. but still was interested about
>> cram-md5 and digest-md5 for secured authorization.
>>
>
> 1. have to store plaintext passwords in ldap directory.
>
Password is stored using {crypt}
> 2. ACL on ldap directory must be configured for open access to
> userPassword field for read, not only for auth.
>
This one I can't understand :-(
> 3. cyrus imapd must use saslauthd for authentication.
>
OK, here saslauthd is using pam amd pam is using pam_unix.so and pam_ldap.so
> 4. saslauthd must have access to users passwords in ldap and must have
> configured ldapdb_mech option.
>
saslauthd can access the ldap database for authentication
> For details see cyrus-sasl2 documentation -- options.html.
>
> WBR.
> Dmitriy
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
