digest-md5 problems with imapd, saslauthd and openldap

Rob Siemborski rjs3 at andrew.cmu.edu
Fri Nov 7 09:40:27 EST 2003

On Fri, 7 Nov 2003, Craig Ringer wrote:

> >  * Getting sasl to use an auxprop method that calls an LDAP server is
> >    possible, but tricky. Various patches exist, but are non-trivial
> >    to install and configure.
> OK, I may be totally wrong here but I thought LDAP authentication was
> normally done by logging in to the LDAP server with the user's name and
> password. As such, you shouldn't have permission to read the user's
> password off the LDAP server. I guess you could add a user 'cyrus' to
> the LDAP server with permission to read passwords if you wanted to use
> digest authentication types, though.

There are many different ways to use LDAP to enable authentication.
Binding with the user's password is only one such way.

> >  * Not bother with digest authentication at all for now
> I'd love to use it personally. I have concerns about giving read access
> to passwords to anything, though. Does anybody here have an opinion on
> kerberizing the network so that slapd, cyrus etc just use kerberos?

It's how CMU has been doing it since almost day one ;)


Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
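
An added example, not part of the original message or of Cyrus SASL: the server-side DIGEST-MD5 check (RFC 2831, qop=auth, no authzid), showing why the verifier needs a stored per-user secret and cannot fall back on an LDAP bind, since the client never sends the password. Function names are hypothetical; the sample exchange is the one given in RFC 2831 section 4.

```python
import hashlib
import hmac


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def stored_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password). The SASL server must be able to read
    this (or the cleartext password) from its backend; it is
    password-equivalent for that realm, so it needs the same protection."""
    return md5(f"{username}:{realm}:{password}".encode("utf-8"))


def expected_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                      digest_uri: str, qop: str = "auth") -> str:
    """Recompute the response the client should have sent."""
    # A1 starts with the raw 16-byte hash, not its hex form.
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    ha1 = md5(a1).hex()
    ha2 = md5(a2).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")).hex()


def verify(secret: bytes, client_response: str, **exchange) -> bool:
    """Constant-time comparison of the recomputed and received responses."""
    return hmac.compare_digest(expected_response(secret, **exchange),
                               client_response)


# Sample exchange from RFC 2831 section 4 (user "chris", password "secret").
RFC_EXCHANGE = {
    "nonce": "OA6MG9tEQGm2hh",
    "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001",
    "digest_uri": "imap/elwood.innosoft.com",
}
RFC_RESPONSE = "d388dad90d4bbd760a152321f2143af7"

if __name__ == "__main__":
    secret = stored_secret("chris", "elwood.innosoft.com", "secret")
    # The only input derived from the password is `secret`; the wire data
    # (nonce, cnonce, nc, response) gives a bind-only backend nothing to bind with.
    print("response verifies:", verify(secret, RFC_RESPONSE, **RFC_EXCHANGE))
```
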

