On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do I have to store my user password in clear in ldap or is there another
> solution

Technically, no. Generally, yes.

I have some information & examples concerning ldapdb @ <http://www.wmmi.net/documents/LDAP103.pdf> [starting around slide 13].

People get uneasy about storing clear-text in the DSA but it doesn't bother me. You are either storing it in the DSA or .... sending it over the wire! Which is worse? And if someone breaches the security of your DSA / DC then you are humped anyway.

> For the moment I'm using saslauthd.conf but I wonder if I can use
> auxprop to be more secure

Yes, then you can use much more secure authentication mechanisms such as digest. Clear text auth with encrypted stored passwords is like buying a handgun to protect your home but always leaving the doors and windows wide open.
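Added example, not part of the original message or of Cyrus SASL: a Python sketch of the trade-off discussed in the reply, showing that a DIGEST-MD5 server has to recompute the client's response from the stored password, while a one-way `{SSHA}` value can only be checked when the password itself is sent (PLAIN/LOGIN). The response computation follows RFC 2831 for `qop=auth` without an authzid; the user, realm, password and service URI are constructed sample values.

```python
import base64, hashlib, hmac, os

def digest_md5_response(user, realm, password, nonce, cnonce, nc, uri):
    """RFC 2831 response-value for qop=auth with no authzid."""
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()  # raw bytes
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hexdigest()

def make_ssha(password, salt=None):
    """Salted SHA-1 in the LDAP {SSHA} userPassword format."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_plain(stored, password_from_wire):
    """PLAIN/LOGIN: the password itself crossed the wire, so a hashed store suffices."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]
        candidate = hashlib.sha1(password_from_wire.encode() + salt).digest()
        return hmac.compare_digest(digest, candidate)
    return hmac.compare_digest(stored.encode(), password_from_wire.encode())

def verify_digest(stored, response, user, realm, nonce, cnonce, nc, uri):
    """DIGEST-MD5: only a response crossed the wire; the server must recompute it."""
    if stored.startswith("{"):
        return False  # one-way hash: nothing to recompute the response from
    expected = digest_md5_response(user, realm, stored, nonce, cnonce, nc, uri)
    return hmac.compare_digest(expected, response)

# Constructed sample values (assumptions, not taken from the thread)
USER, REALM, PASSWORD = "alice", "example.org", "constructed-secret"
URI = "imap/mail.example.org"

def demo():
    nonce, cnonce, nc = os.urandom(16).hex(), os.urandom(16).hex(), "00000001"
    resp = digest_md5_response(USER, REALM, PASSWORD, nonce, cnonce, nc, URI)
    ctx = (USER, REALM, nonce, cnonce, nc, URI)
    hashed = make_ssha(PASSWORD)
    return {
        "digest_cleartext_store": verify_digest(PASSWORD, resp, *ctx),
        "digest_ssha_store": verify_digest(hashed, resp, *ctx),
        "plain_ssha_store": verify_plain(hashed, PASSWORD),
        "plain_wrong_password": verify_plain(hashed, PASSWORD + "x"),
    }

if __name__ == "__main__":
    print(demo())
```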