Next release of CMU SASL - update
alexey.melnikov at isode.com
Mon May 4 15:30:28 EDT 2009
Pascal Gienger wrote:
> Alexey Melnikov schrieb:
>> While I agree with you, the Cyrus SASL version in CVS has no way of
>> generating such attributes. The code for generating them was removed
>> long time ago.
> Yes but that's not a problem. The generation can be done OUTSIDE of
> Cyrus SASL v2. We are running a User Identity Database which generates
> the appropriate SASL settings for email roaming users for PLAIN and
> DIGEST-MD5. No cleartext passwords in the database.
> Generation is not necessary in the sasl library, usage is enough,
> because it is well defined how these values have to be computed (see
> my other posting).
Ok, after thinking more about this, I would like to suggest the following:
1). Use of cmusaslsecretCRAM-MD5 will be ifdefed out.
2). cmusaslsecretDIGEST-MD5 is retained, I think your use case is valid.
3). I will ifdef-out deletion of all cmusaslsecret* attributes in
Does this work?
In longer term I think we need to start using the authPassword attribute
with values defined for SCRAM (see
More information about the Cyrus-sasl