digest-md5 problems with imapd, saslauthd and openldap
Craig Ringer
craig at postnewspapers.com.au
Thu Nov 6 23:12:34 EST 2003
> * imapd falls back to using sasldb access if digest authentication
> is tried
IMHO that calls for a FAQ entry. "I'm trying to use saslauthd, and cyrus
keeps on complaining that it can't read the SASL db - what's wrong?".
> * Getting sasl to use an auxprop method that calls an LDAP server is
> possible, but tricky. Various patches exist, but are non trivial
> to install and configure.
OK, I may be totally wrong here but I thought LDAP authentication was
normally done by logging in to the LDAP server with the user's name and
password. As such, you shouldn't have permission to read the user's
password off the LDAP server. I guess you could add a user 'cyrus' to
the LDAP server with permission to read passwords if you wanted to use
digest authentication types, though.
> * Not bother with digest authentication at all for now
I'd love to use it personally. I have concerns about giving read access
to passwords to anything, though. Does anybody here have an opinion on
kerberizing the network so that slapd, cyrus etc just use kerberos?
Craig Ringer
More information about the Info-cyrus
mailing list