Next release of CMU SASL - update

Alexey Melnikov alexey.melnikov at
Mon May 4 15:30:28 EDT 2009

Pascal Gienger wrote:

> Alexey Melnikov schrieb:
>> While I agree with you, the Cyrus SASL version in CVS has no way of 
>> generating such attributes. The code for generating them was removed 
>> long time ago.
> Yes but that's not a problem. The generation can be done OUTSIDE of 
> Cyrus SASL v2. We are running a User Identity Database which generates 
> the appropriate SASL settings for email roaming users for PLAIN and 
> DIGEST-MD5. No cleartext passwords in the database.
> Generation is not necessary in the sasl library, usage is enough, 
> because it is well defined how these values have to be computed (see 
> my other posting).

Ok, after thinking more about this, I would like to suggest the following:

1). Use of cmusaslsecretCRAM-MD5 will be ifdefed out.
2). cmusaslsecretDIGEST-MD5 is retained, I think your use case is valid.
3). I will ifdef-out deletion of all cmusaslsecret* attributes in 

Does this work?

In longer term I think we need to start using the authPassword attribute 
with values defined for SCRAM (see 
<>) and 
obsolete cmusaslsecretPLAIN.

More information about the Cyrus-sasl mailing list