On 2015-03-12 17:42, Geoff Winkless wrote: > On 12 March 2015 at 16:04, Vladislav Kurz <vladislav.kurz@xxxxxxxxxxx > <mailto:vladislav.kurz@xxxxxxxxxxx>>wrote: > > __ > > On Thursday 12 of March 2015 Ram <ram@xxxxxxxxxxxxx > <mailto:ram@xxxxxxxxxxxxx>> wrote: > > > > > > You need access to plaintext passwords for CRAM/DIGEST-MD5. > > > > > > > > LDAP and saslauthd do not provide that. > > > > > > How can I use CRAM-MD5 with passwords stored in LDAP (in MD5 format ) > > > then ? > > > > > > I need to disable plain & login methods and cannot store passwords in > > > plain text too. > > > > I'm afraid you are trying to do impossible things. Read more about > how cram-md5 works. You can eforce ssl/tls encryption and use > plain/login auth. > > > The definition of "plain text" doesn't mean that it cannot be stored in > a retrievable form. You could make a fairly simple patch to retrieve the > ciphertext from a ROT13 store, as an extreme example :) AD supports an (AES-based, I think?) "reversible encryption" option for their LDAP passwords. This might be the sanest venue for this kind of "feature". > > G > > > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwedas@xxxxxx | +43 (0)680 301 7167 http://software.tao.at
Attachment:
signature.asc
Description: OpenPGP digital signature
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
