sasldb2 storing clear text passwords.

Dan White dwhite at olp.net
Tue Jul 22 10:00:17 EDT 2008


Erland Nylend wrote:
> Hello,
> 
> I've set up a virtual test machine, with postfix and sasl, using
> sasldb, and things work as expected.
> 
> My question: is it possible to store the passwords in /etc/sasldb2
> as a SHA or MD5 string?
> 
> Storing all the users' passwords in clear text is not a good thing.
> 
> We are setting up tls on port 587, and only plan to support auth
> plain and login, so storing the passwords in clear text should not
> be necessary.
> 

Erland,

If you don't require anything more than plain or login, then 
there are several other options available to authenticate your 
users within the SASL library other than the auxprop plugin (sasldb).

See the sysadmin documentation:

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/~checkout~/src/sasl/doc/sysadmin.html

for some other options on how to authenticate your users. For 
instance, saslauthd does not require you to store your passwords 
in the clear.

- Dan
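
Added example, not part of the original messages and not code from the Cyrus SASL project: a small Python check that reads a Cyrus SASL service config (for Postfix, typically smtpd.conf) and reports whether it still depends on sasldb-style stored secrets or could run on saslauthd with only PLAIN and LOGIN. The two sample configs are constructed for illustration; pwcheck_method, auxprop_plugin and mech_list are standard Cyrus SASL options.

```python
"""Audit a Cyrus SASL service config for reliance on stored plaintext secrets."""

# Mechanisms where the server must read the user's plaintext secret.
# saslauthd cannot serve these; it only verifies PLAIN and LOGIN.
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}


def parse_sasl_conf(text):
    """Parse 'option: value' lines; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_sasl_conf(text)
    # Cyrus SASL falls back to auxprop when pwcheck_method is unset.
    methods = opts.get("pwcheck_method", "auxprop").lower().split()
    mechs = {m.upper() for m in opts.get("mech_list", "").split()}
    findings = []
    if "auxprop" in methods:
        findings.append("auxprop in use: verification reads the stored secret "
                        "(clear text in sasldb)")
    if not mechs:
        findings.append("mech_list unset: every installed mechanism is offered")
    elif mechs & SHARED_SECRET:
        names = ", ".join(sorted(mechs & SHARED_SECRET))
        findings.append("shared-secret mechanisms offered: " + names)
    return findings


# Constructed sample configs (not taken from the thread).
SASLDB_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""
SASLAUTHD_CONF = """\
# PLAIN/LOGIN only, verified by saslauthd instead of sasldb
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
"""

if __name__ == "__main__":
    for name, conf in (("sasldb", SASLDB_CONF), ("saslauthd", SASLAUTHD_CONF)):
        print(name, audit(conf) or "ok")
```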

