Next release of CMU SASL - update
Alexey Melnikov
alexey.melnikov at isode.com
Mon May 4 15:30:28 EDT 2009
Pascal Gienger wrote:
> Alexey Melnikov wrote:
>
>> While I agree with you, the Cyrus SASL version in CVS has no way of
>> generating such attributes. The code for generating them was removed
>> a long time ago.
>
> Yes but that's not a problem. The generation can be done OUTSIDE of
> Cyrus SASL v2. We are running a User Identity Database which generates
> the appropriate SASL settings for email roaming users for PLAIN and
> DIGEST-MD5. No cleartext passwords in the database.
>
> Generation is not necessary in the sasl library, usage is enough,
> because it is well defined how these values have to be computed (see
> my other posting).

Ok, after thinking more about this, I would like to suggest the following:

1). Use of cmusaslsecretCRAM-MD5 will be ifdefed out.
2). cmusaslsecretDIGEST-MD5 is retained, I think your use case is valid.
3). I will ifdef-out deletion of all cmusaslsecret* attributes in
saslpasswd2.

Does this work?

In the longer term I think we need to start using the authPassword attribute
with values defined for SCRAM (see
<http://tools.ietf.org/html/draft-melnikov-sasl-scram-ldap-01>) and
obsolete cmusaslsecretPLAIN.