On Mon, Feb 4, 2013 at 6:44 PM, Marc Patermann <hans.moser@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Wolfgang
Wolfgang Rosenauer wrote (04.02.2013 18:03):
What did you test? (I did not do it myself.)
I played around some more with openldap's SASL and ran exactly into the issue that SASL seems to explicitly _not_ support CRYPT userPasswords.
So yes, keeping saslauthd using PAM would help with that.
Like an ldapsearch with "-Y cram-md5" or "-Y plain" both do not work against an object where userPassword is encrypted with CRYPT?
And both do work while it is encrypted with like SHA or unencrypted?
DIGEST-MD5 did not work (as expected) and PLAIN also failed with
slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined
SASL [conn=1004] Failure: Password verification failed
slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined
SASL [conn=1004] Failure: Password verification failed
When I googled for that issue I found statements that SASL cannot handle CRYPT passwords and tries to fall back to cmusaslsecret, which I do not have.
I haven't tried plain passwords since I have no test setup at the moment and didn't want to kill the production mail server.
Wolfgang
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus