Next release of CMU SASL - update

Alexey Melnikov alexey.melnikov at
Thu Apr 9 13:13:54 EDT 2009

Pascal Gienger wrote:

> Addendum:
> cmusaslsecretPLAIN is also useful for people doing only cleartext 
> logins via SSL/TLS to  store only hashes of the password in their 
> sasldb ldap database.

While I agree with you, the Cyrus SASL version in CVS has no way of 
generating such attributes. The code for generating them was removed 
long time ago.

> Is the direction towards which cmu sasl is directing too the sole 
> usage of GSSAPI/Kerberos? That would be the only reason to cut down 
> the hash usage. "userPassword" is evil for me (stored in cleartext in 
> a database).

No, this was never the intent.

More information about the Cyrus-sasl mailing list