Next release of CMU SASL - update

Pascal Gienger Pascal.Gienger at uni-konstanz.de
Thu Apr 9 04:24:46 EDT 2009


Pascal Gienger wrote:
> Alexey Melnikov wrote:
> 
>> 1). Remove extra (unused) mutex in libsasl
>> 2). Merge my utils/pluginviewer.c changes
>> 3). Investigate global callback updating in subsequent 
>> sasl_server_init() calls
>> 4). Commit SQLite3 configure change. Test SQLite3 plugin.
>> 5). Remove use of obsolete cmusasl... attributes
>> 6). Strip trailing spaces from options during server configuration 
>> loading
>> 7). Investigate fix for bug # 2822 (OTP does not work with prompts)
>> 8). Review patch for bug # 3134 (Improved error reporting from 
>> auth_getpwent)
>> 9). MacOS dlopen.c change (+ the libtool change?)
>> 10). Merge Debian bugfixes 
> 
> Is 5 really necessary?
> There are quite some people who actually use cmusaslsecretDIGEST-MD5 to 
> store secrets via ldap. If their hash database gets stolen they can 
> change the realm (DIGEST-MD5!) and recompute all the hashes, making the 
> stolen hashes useless.

Addendum:

cmusaslsecretPLAIN is also useful for people doing only cleartext logins 
via SSL/TLS, to store only hashes of the password in their sasldb LDAP 
database.

Is the direction in which CMU SASL is heading the sole usage 
of GSSAPI/Kerberos? That would be the only reason to cut down the hash 
usage. "userPassword" is evil for me (stored in cleartext in a database).
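The realm-rotation argument in the quoted paragraph above rests on how the DIGEST-MD5 secret is derived: per RFC 2831 the server stores HA1 = H(username:realm:password), so a copy of the stored value is only useful against a server that still advertises the same realm. The following is an added example (not CMU SASL code, and not from the mailing-list thread) that implements that derivation and the RFC 2831 response calculation in Python, builds a small constructed credential store, and then shows that after the realm is changed the previously stored values no longer verify. Note that recomputing HA1 under the new realm requires each user's password again, which is why the rotation step is tied to users re-entering (or the admin re-provisioning) passwords; the user names, passwords, realms and nonces below are all constructed sample values.

```python
import hashlib
import hmac


def ha1(username: str, realm: str, password: str) -> bytes:
    """RFC 2831 2.1.2.1: H(username ":" realm ":" password), kept as raw 16 bytes.
    This is what a cmusaslsecretDIGEST-MD5 style store holds instead of the password."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()


def digest_response(ha1_bytes: bytes, nonce: str, cnonce: str, nc: str,
                    qop: str, digest_uri: str) -> str:
    """RFC 2831 response-value for qop=auth (no authzid):
    HEX(KD(HEX(H(A1)), nonce ":" nc ":" cnonce ":" qop ":" HEX(H(A2)))),
    where A1 = HA1 ":" nonce ":" cnonce and A2 = "AUTHENTICATE:" digest-uri."""
    a1_hex = hashlib.md5(ha1_bytes + f":{nonce}:{cnonce}".encode("utf-8")).hexdigest()
    a2_hex = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hexdigest()
    kd_input = f"{a1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{a2_hex}".encode("utf-8")
    return hashlib.md5(kd_input).hexdigest()


def build_store(realm: str, credentials: dict) -> dict:
    """Provision a hash-only store for one realm from (username -> password)."""
    return {user: ha1(user, realm, pw) for user, pw in credentials.items()}


def server_verify(store: dict, username: str, nonce: str, cnonce: str, nc: str,
                  qop: str, digest_uri: str, client_response: str) -> bool:
    """The server never needs the password: it recomputes the response from stored HA1."""
    stored = store.get(username)
    if stored is None:
        return False
    expected = digest_response(stored, nonce, cnonce, nc, qop, digest_uri)
    return hmac.compare_digest(expected, client_response)


def client_response(username: str, realm: str, password: str, nonce: str,
                    cnonce: str, nc: str, qop: str, digest_uri: str) -> str:
    """A genuine client derives HA1 from the password it knows and the realm it was sent."""
    return digest_response(ha1(username, realm, password), nonce, cnonce, nc, qop, digest_uri)


# Constructed sample data (not real accounts): a small directory and the parameters
# of one authentication exchange.
CREDENTIALS = {"alice": "correct horse battery", "bob": "staple"}
OLD_REALM = "mail.example.org"
NEW_REALM = "mail-2009.example.org"
NONCE, CNONCE, NC, QOP, URI = "srvnonce01", "clinonce01", "00000001", "auth", "imap/mail.example.org"


def rotation_demo() -> dict:
    """Return the observations a practitioner cares about when the hash store leaks."""
    old_store = build_store(OLD_REALM, CREDENTIALS)

    # 1. Normal login against the original realm succeeds from the password.
    genuine_old = client_response("alice", OLD_REALM, CREDENTIALS["alice"], NONCE, CNONCE, NC, QOP, URI)
    login_ok_before = server_verify(old_store, "alice", NONCE, CNONCE, NC, QOP, URI, genuine_old)

    # 2. Realm change: the store is re-derived from passwords under the new realm.
    new_store = build_store(NEW_REALM, CREDENTIALS)
    hashes_changed = all(old_store[u] != new_store[u] for u in CREDENTIALS)

    # 3. A response built from the leaked (old-realm) HA1 does not verify any more.
    from_leaked_ha1 = digest_response(old_store["alice"], NONCE, CNONCE, NC, QOP, URI)
    leaked_rejected = not server_verify(new_store, "alice", NONCE, CNONCE, NC, QOP, URI, from_leaked_ha1)

    # 4. A genuine client, told the new realm, still authenticates with its password.
    genuine_new = client_response("alice", NEW_REALM, CREDENTIALS["alice"], NONCE, CNONCE, NC, QOP, URI)
    login_ok_after = server_verify(new_store, "alice", NONCE, CNONCE, NC, QOP, URI, genuine_new)

    return {
        "login_ok_before": login_ok_before,
        "hashes_changed": hashes_changed,
        "leaked_rejected": leaked_rejected,
        "login_ok_after": login_ok_after,
    }


if __name__ == "__main__":
    for key, value in rotation_demo().items():
        print(f"{key}: {value}")
```

The store is compared with `hmac.compare_digest` so the verification step is constant-time, and `ha1()` is the only place the cleartext password is touched, which is the property the cmusaslsecret* attributes give over a cleartext `userPassword`. The same derivation is why the realm must be fixed before users are provisioned: changing it silently invalidates every existing entry, exactly the effect the quoted message relies on.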