howto out of date?
Bill Kearney
wkearney99 at hotmail.com
Tue Nov 22 10:39:39 EST 2005
It seems like most of the various howto websites aren't in sync with the
current state of cyrus imap and sasl2.
That is, since postfix and cyrus can both speak SQL natively where's the
point in bothering with use of pam_mysql? Not to knock it, of course, but
why bother using it along with pam and saslauthd when you can just use sql
natively?
Then there's the matter of whether or not to use encrypted passwords. If
you use them then doesn't that limited using challenge-response? But is
that really needed/supported in most clients? Having plain text passwords
in the database has it's own risks but that traffic is generally not 'in the
clear'. Using plain text passwords from the client to the server is a bad
idea of course but how secure does this truly need to be, in regard to how
it impacts password storage?
If someone's setting up a brand new cyrus/posfix/squirrelmail/mysql server
then what REALLY should be used?
-Bill Kearney
More information about the Info-cyrus
mailing list