Storing SASL passwords in database in hashed form (e.g. PBKDF2)

Johannes Bauer dfnsonfsduifb at gmx.de
Thu Jan 30 20:11:21 EST 2014


On 30.01.2014 22:29, Johannes Bauer wrote:

> I'm also well aware that this limits Postfix to PLAIN authentication.
> This is perfectly fine as I'm exclusively using smtps (i.e. TLS) and
> therefore is not a problem. Having plain text passwords in a database is.

Already fixed the problem. The solution was to ditch cyrus-sasl in favor
of dovecot-sasl. Dovecot has the ability to store salted passwords and
provides easy access to database backends (i.e. no fiddling with PAM
modules or such) and on top of it all it produces fantastic log messages
and is therefore really easy to set up.

Sorry for disturbing the list,
Cheers,
Johannes
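
The following is an added example, not part of the original post and not Dovecot's or Cyrus SASL's code. It shows why salted, hashed storage goes together with the PLAIN mechanism: the server needs the cleartext password from the client to recompute the PBKDF2 hash. The record format, iteration count and function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, os

ITERATIONS = 100_000  # assumption: work factor picked for this example

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record 'pbkdf2-sha256$iters$salt$hash' (constructed format)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return "pbkdf2-sha256$%d$%s$%s" % (iterations, b64(salt), b64(dk))

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_b64, dk_b64 = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    except ValueError:  # malformed record, bad base64, bad iteration count
        return False
    return hmac.compare_digest(dk, expected)

def parse_sasl_plain(message):
    """Split a SASL PLAIN message (RFC 4616): [authzid] NUL authcid NUL passwd."""
    parts = message.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)

# Record verified for unknown users so both paths cost one PBKDF2 run.
DUMMY_RECORD = hash_password("placeholder")

def authenticate(message, user_db):
    """user_db maps authcid -> stored record; cleartext is never stored."""
    try:
        _authzid, authcid, passwd = parse_sasl_plain(message)
    except ValueError:
        return False
    record = user_db.get(authcid)
    if record is None:
        verify_password(passwd, DUMMY_RECORD)
        return False
    return verify_password(passwd, record)

if __name__ == "__main__":
    db = {"alice": hash_password("correct horse")}  # constructed sample user
    print(db["alice"])
    print(authenticate(b"\x00alice\x00correct horse", db))
```

Because the password crosses the wire in the clear with PLAIN, this only makes sense over TLS, as the quoted message notes.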

