how to enable digestmd5 and crammd5 ?

Dmitriy Kirhlarov dkirhlarov at oilspace.com
Fri Apr 20 03:14:41 EDT 2007


On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote:
> Goetz Babin-Ebell wrote:
> > JOYDEEP schrieb:
> > >> Roberto R. Morelli wrote:
> > Hello Joydeep,
> > >>> Then we have the cyrus sasl modules installed:
> > >>>
> > >>> cyrus-sasl-md5-2.1.22-4
> > >>> cyrus-sasl-2.1.22-4
> > >>> cyrus-sasl-lib-2.1.22-4
> > >>> cyrus-sasl-plain-2.1.22-4
> > >> But I have come to know that digest-md5 and cram-md5 need sasldb. so
> > >> here I can't use it as my users and passwords are stored in LDAP.
> > >> any idea ?
> > The problem is that cram-md5 and digest-md5 need direct access to the
> > pass phrase in plain text.
> > AFAIK LDAP doesn't support this.
> > You have to use TLS if you want to transmit the pass phrase securely...
> 
> Thanks Goetz,
> 
> I am already running SSL aka imaps. but still was interested about
> cram-md5 and digest-md5 for secured authorization.

1. have to store plaintext passwords in ldap directory.
2. ACL on ldap directory must be configured for open access to
userPassword field for read, not only for auth.
3. cyrus imapd must use saslauthd for authentication.
4. saslauthd must have access to users passwords in ldap and must have
configured ldapdb_mech option.

For details see cyrus-sasl2 documentation -- options.html.

WBR.
Dmitriy


More information about the Info-cyrus mailing list