Cyrus IMAP Presentation
Eric Estabrooks
eric at urbanrage.com
Sun Sep 22 11:11:24 EDT 2002
Mathieu Arnold wrote:
>--On dimanche 22 septembre 2002 15:45 +0200 "Mr. Simix" <simix at datacomm.ch>
>wrote:
>
>
>
>>Rob Siemborski wrote:
>>
>>
>>>On Sun, 22 Sep 2002, Tarjei Huse wrote:
>>>
>>>
>>>
>>>
>>>>If you do not use saslpasswd2, then Cyrus only uses plaintext methods
>>>>for authentication, right?
>>>>
>>>>
>>>No. You can use a MySQL backend as well to supply the secrets for
>>>non-plaintext methods. The OpenLDAP people also have an auxprop
>>>plugin that will get the secerts directly from their datastore, but it
>>>only works internal to OpenLDAP.
>>>
>>>
>>Okay, but we can say whenever PAM is involved, then only plain can be
>>used, right?
>>
>>
>
>yes, because you cannot be sure to have access to plain text passwords
>using pam, and you need plain text passwords to do digests authentications.
>
>
It should be possible to write a pam module (or extend an existing one)
to include other mechanisms beside plain, if like you said you had plain
text passwords available on the server side. Of course there might be
an additional restriction imposed by the sasl interface in that it might
only present plain to the pam interface or the likes of saslauthd and
try to resolve others internally or drop them if configured for using pam.
This discussion has sparked my curiosity, I'm going to try and see if I
can get CRAM into a pam module.
Eric
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20020922/b6a1dac5/smime.bin
More information about the Info-cyrus
mailing list