On Fri, Apr 20, 2007 at 10:55:19AM +0200, Goetz Babin-Ebell wrote:
> > 1. have to store plaintext passwords in ldap directory.
> > 2. ACL on ldap directory must be configured for open access to
> > userPassword field for read, not only for auth.
> And with that open a can of worms I don't think Joydeep want to
> open...
>
> > 3. cyrus imapd must use saslauthd for authentication.
> > 4. saslauthd must have access to users passwords in ldap and must have
> > configured ldapdb_mech option.
> So cyrus can't do plain cram-md5 / digest-md5 with LDAP
> But saslauthd can.
>

Something new... o-ops...

Shared secrets mechanisms
    Put another way, you cannot use saslauthd with these methods.

Auxiliary Properties
    SASLv2 introduces the concept of Auxiliary Properties. That is, the
    ability for information related to authentication and authorization
    to all be looked up at once from a directory during the authentication
    process. SASL Plugins internally take advantage of this to do password
    lookups in directories such as the SASLdb, LDAP or a SQL database.
    Applications can look up arbitrary properties through them.

imapd.conf(5):
    sasl_pwcheck_method: <none>
        The mechanism used by the server to verify plaintext passwords.
        Possible values include "auxprop", ...

Maybe it can help, but I'm not sure.

WBR.
Dmitriy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
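Why the quoted documentation rules out saslauthd for shared-secret mechanisms, as an added example that is not part of the original message or of Cyrus SASL: in CRAM-MD5 only an HMAC of the challenge crosses the wire, so the verifier needs the plaintext secret itself, while a PLAIN-style check can work against a salted hash. The hostname, user name and password are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac, os

def make_challenge(host="mail.example.test"):  # constructed hostname
    """Server side: a fresh, unpredictable challenge (RFC 2195 style)."""
    return f"<{os.urandom(8).hex()}@{host}>".encode()

def cram_md5_response(user, password, challenge):
    """Client side: only HMAC-MD5(password, challenge) crosses the wire."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def verify_cram_md5(secret, challenge, response):
    """Server side: recompute the HMAC keyed with whatever the directory holds."""
    _user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def ssha(password, salt):
    """Salted SHA-1 in the {SSHA} userPassword format."""
    blob = hashlib.sha1(password.encode() + salt).digest() + salt
    return "{SSHA}" + base64.b64encode(blob).decode()

def verify_plain(stored_ssha, password):
    """PLAIN/LOGIN style check: the server receives the password itself,
    so a salted hash is enough to verify it."""
    blob = base64.b64decode(stored_ssha[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def demo():
    password = "correct horse"             # constructed sample secret
    hashed = ssha(password, os.urandom(8))  # what a hashed userPassword would hold
    challenge = make_challenge()
    response = cram_md5_response("user1", password, challenge)  # constructed user
    return {
        "cram_with_plaintext": verify_cram_md5(password, challenge, response),
        "cram_with_hash_only": verify_cram_md5(hashed, challenge, response),
        "plain_with_hash_only": verify_plain(hashed, password),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The middle result is the trade-off the thread is arguing about: offering CRAM-MD5 or DIGEST-MD5 means the directory must hold a recoverable secret and the SASL layer must be able to read it.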