Please - correct me if I'm wrong - auxprop sasldb versus saslauthd sasldb

Sascha Vogt cyradm at papa.at
Sun Aug 24 18:21:55 EDT 2008


Reinaldo de Carvalho schrieb:
>> As far as I understand, both should authenticate against users in
>> /etc/sasldb2 and provide the same mechanisms.
>>
>> I'm asking becaus on my Debian Etch 4.0r4a (stable) variant 1 works, but
>> variant 2 doesn't and I dont know why. But I want to offer CRAM-MD5 and
>> DIGEST-MD5 too and this is AFAIK only possible with variant 2.
>>
>>     
>
> saslauthd receive password as cleartext to be compatible with many
> lookup types (pam, ldap, mysql). You must use TLS/SSL to improve
> security.
>
>   
Yes, you are right. That's planned, but not the question.

Sascha


More information about the Cyrus-sasl mailing list