Documentation (was Information about SASL and LDAP)

Dan White dwhite at olp.net
Thu Dec 1 10:25:31 EST 2011


On 01/12/11 08:26 +0100, Patrick Ben Koetter wrote:
>* Carson Gaspar <carson at taltos.org>:
>> On 11/30/2011 4:18 PM, Howard Chu wrote:
>> >>>On 30/11/11 11:16 +0100, Christian Roessner wrote:
>>
>> >>>>cmusaslsecretCRAM-MD5
>> >>>>cmusaslsecretDIGEST-MD5 and
>> >>>>cmusaslsecretNTLM
>>
>> >As I recall these are all plaintext-equivalents; i.e. there is no
>> >security benefit from using these pre-hashed values, so they've been
>> >deprecated already. The plugins will retrieve and use them if they're
>> >present, but nothing creates them.
>>
>> They are _not_ plaintext equivalents. They are realm-limited, so
>> compromise is limited to just the set of services sharing that realm
>> (in many cases a single service). i.e. they don't let me use your
>> password to log in to gmail, or get a shell on your box.
>>
>> The fact that the cyrus folks decided to deprecate these in favor of
>
>Are they really deprecated? Because if they are its no use to document them
>which is something I am working on.
>
>p at rick

p at rick,

I know you've been working on some new manpages. I've spent a little time
adding a sasl guide to jmeeuwen's (et al) cyrus imap documentation at:

http://git.cyrusimap.org/cyrus-imapd-docs/tree/Sasl_Guide/en-US

It's mostly just a loose collection of notes at this point, but I don't
want to duplicate what you're doing if you're also working on something
similar. The focus of that guide guide will be more of an
example-and-explanatory-text, or book style, documentation.

-- 
Dan White


More information about the Cyrus-sasl mailing list