how to enable digestmd5 and crammd5 ?
Dmitriy Kirhlarov
dkirhlarov at oilspace.com
Fri Apr 20 06:57:17 EDT 2007
On Fri, Apr 20, 2007 at 10:55:19AM +0200, Goetz Babin-Ebell wrote:
> > 1. have to store plaintext passwords in ldap directory.
> > 2. ACL on ldap directory must be configured for open access to
> > userPassword field for read, not only for auth.
> And with that open a can of worms I don't think Joydeep want to
> open...
>
> > 3. cyrus imapd must use saslauthd for authentication.
> > 4. saslauthd must have access to users passwords in ldap and must have
> > configured ldapdb_mech option.
> So cyrus can't do plain cram-md5 / digest-md5 with LDAP
> But saslauthd can.
> Something new...
o-ops...
Shared secrets mechanisms
Put another way, you cannot use saslauthd with these methods.
Auxiliary Properties
SASLv2 introduces the concept of Auxilliary Properties. That is,
the ability for information related to authentication and
authorization to all be looked up at once from a directory during the
authentication process. SASL Plugins internally take advantage of this
to do password lookups in directories such as the SASLdb, LDAP or a
SQL database. Applications can look up arbitrary properties through
them.
imapd.conf(5):
sasl_pwcheck_method: <none>
The mechanism used by the server to verify plaintext passwords.
Possible values include "auxprop", ...
May be it can help, but I'm not sure.
WBR.
Dmitriy
More information about the Info-cyrus
mailing list