Can I use hashed password for ldap_bind_pw in saslauthd.conf?
he.tao at trilogy.com
Thu Oct 6 10:35:44 EDT 2005
I'm using saslauthd to auth with Active Directory. The config that works for me
is:
ldap_servers: ldap://domain.com:3268/
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: Administrator at domain.com
ldap_bind_pw: simpleclearpassword
I think transporting the clear password over the network is dangerous...
How can I use sasl with it?
thx in advance!
Igor Brezac <igor at ipass.net>
10/06/2005 08:46 PM
To: he.tao at trilogy.com
cc: "Raymond T. Sundland" <raymond at sundland.com>,
info-cyrus at lists.andrew.cmu.edu
Subject: Re: Can I use hashed password for ldap_bind_pw in saslauthd.conf?
If you know of a really effective two way hash, please submit code.
Otherwise you can use sasl and you will not need to specify the password
in saslauthd.conf:
ldap_use_sasl: yes
ldap_server: ldap:///
ldap_mech: DIGEST-MD5
-Igor
On Thu, 6 Oct 2005, Raymond T. Sundland wrote:
> chmod 400 saslauthd.conf
>
> If someone has enough access to read the file at this point, they have enough
> access to modify your LDAP database files using the 'slapcat' and 'slapadd'
> commands, so any additional security of a hashed password would be useless.
>
> he.tao at trilogy.com wrote:
>
>>
>> It's really a bad idea to use clear text..
--
Igor
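
An added example, not part of the original thread or of Cyrus SASL: a small Python check of a saslauthd.conf-style file for the three points raised above (a bind password stored in the file, a file mode wider than `chmod 400`, and a simple bind instead of `ldap_use_sasl`). The function names, finding codes and sample file are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample: the simple-bind settings quoted in the thread.
SAMPLE = """\
ldap_servers: ldap://domain.com:3268/
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: Administrator@domain.com
ldap_bind_pw: simpleclearpassword
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit(path):
    """Return finding codes (hypothetical names) for one config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        opts = parse_conf(fh.read())
    if "ldap_bind_pw" in opts:
        findings.append("bind-password-in-file")
        # Anything beyond owner read (chmod 400) widens who can see it.
        if mode & ~stat.S_IRUSR:
            findings.append("mode-wider-than-0400")
        # Without ldap_use_sasl the bind DN and password go in a simple bind.
        if opts.get("ldap_use_sasl", "no").lower() != "yes":
            findings.append("simple-bind")
    return findings

def demo(mode):
    """Write SAMPLE to a temp file with the given mode and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(SAMPLE)
    try:
        os.chmod(fh.name, mode)
        return audit(fh.name)
    finally:
        os.remove(fh.name)
```
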