how to enable digestmd5 and crammd5 ?

JOYDEEP j.bakshi at unlimitedmail.org
Fri Apr 20 05:18:15 EDT 2007


Dmitriy Kirhlarov wrote:
> On Fri, Apr 20, 2007 at 09:47:07AM +0530, JOYDEEP wrote:
>   
>> Goetz Babin-Ebell wrote:
>>     
>>> JOYDEEP schrieb:
>>>       
>>>>> Roberto R. Morelli wrote:
>>>>>           
>>> Hello Joydeep,
>>>       
>>>>>> Then we have the cyrus sasl modules installed:
>>>>>>
>>>>>> cyrus-sasl-md5-2.1.22-4
>>>>>> cyrus-sasl-2.1.22-4
>>>>>> cyrus-sasl-lib-2.1.22-4
>>>>>> cyrus-sasl-plain-2.1.22-4
>>>>>>             
>>>>> But I have come to know that digest-md5 and cram-md5 need sasldb. so
>>>>> here I can't use it as my users and passwords are stored in LDAP.
>>>>> any idea ?
>>>>>           
>>> The problem is that cram-md5 and digest-md5 need direct access to the
>>> pass phrase in plain text.
>>> AFAIK LDAP doesn't support this.
>>> You have to use TLS if you want to transmit the pass phrase securely...
>>>       
>> Thanks Goetz,
>>
>> I am already running SSL aka imaps. but still was interested about
>> cram-md5 and digest-md5 for secured authorization.
>>     
>
> 1. have to store plaintext passwords in ldap directory.
>   
Password is stored using {crypt}
> 2. ACL on ldap directory must be configured for open access to
> userPassword field for read, not only for auth.
>   
This one I can't understand :-(
> 3. cyrus imapd must use saslauthd for authentication.
>   
OK, here saslauthd is using pam amd pam is using pam_unix.so and pam_ldap.so

> 4. saslauthd must have access to users passwords in ldap and must have
> configured ldapdb_mech option.
>   
saslauthd can access the ldap database for authentication

> For details see cyrus-sasl2 documentation -- options.html.
>
> WBR.
> Dmitriy
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>   



More information about the Info-cyrus mailing list