Re: auxprop ldapdb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do i have to store my user password in clear in ldap or is the another 
> solution

Technically, no.  Generally, yes.

I have some information & examples concerning ldapdb @
<http://www.wmmi.net/documents/LDAP103.pdf> [starting around slide 13].

People get uneasy about storing clear-text in the DSA but it doesn't
bother me.  You are either storing it in the DSA or .... sending it over
the wire!  Which is worse?  And if someone breaches the security of your
DSA / DC then you are humped anyway.

> For the moment I m using saslauthd.conf but I wonder if I can use 
> auxprop to be more secure

Yes, then you can use much more secure authentication mechanisms such as
digest.  Clear text auth with encrypted stored passwords is like buying
a handgun to protect your home but always leaving the doors and windows
wide open.

Attachment: signature.asc
Description: This is a digitally signed message part

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux