Can I use hashed password for ldap_bind_pw in saslauthd.conf?

he.tao at he.tao at
Thu Oct 6 10:35:44 EDT 2005

I'm using saslauthd to auth with active directory,what config works for me 
ldap_servers: ldap://
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: Administrator at
ldap_bind_pw: simpleclearpassword

I think the clear password transport in network is dangerous...
How can I use sasl with it?
thx in advance!

Igor Brezac <igor at>
10/06/2005 08:46 PM

        To:     he.tao at
        cc:     "Raymond T. Sundland" <raymond at>, 
info-cyrus at
        Subject:        Re: Can I use hashed password for ldap_bind_pw in saslauthd.conf?

If you know of a really effective two way hash, please submit code.

Otherwise you can use sasl and you will not need to specify the password 
in saslauthd.conf:

ldap_use_sasl: yes
ldap_server: ldap:///
ldap_mech: DIGEST-MD5


On Thu, 6 Oct 2005, Raymond T. Sundland wrote:

> chmod 400 saslauthd.conf
> If someone has enough access to read the file at this point, they have 
> access to modify your LDAP database files using the 'slapcat' and 
> commands, so any additional security of a hashed password would be 
> he.tao at wrote:
>>  It's really a bad idea to use clear text..
>> ----
>> Cyrus Home Page:
>> Cyrus Wiki/FAQ:
>> List Archives/Info:


-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list