digest-md5 password store
Janne Peltonen
janne.peltonen at helsinki.fi
Fri Dec 7 08:35:33 EST 2007
On Wed, Dec 05, 2007 at 09:26:58AM -0600, Dan White wrote:
> The auxprop plugin gives you the ability to authenticate using
> the PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5, NTLM and OTP mechs (and
> probably more).
>
> saslauthd only gives you the ability to authenticate using PLAIN
> and LOGIN (I believe), which may or may not be sufficient for you.
Not true. pwcheck_method refers only to the /plaintext/ authentication
method. That is, even with pwcheck_method: saslauthd, you can use any
authentication method you wish. It's only that only the PLAIN and LOGIN
(where LOGIN is not actually a sasl method but the IMAP LOGIN command)
go through saslauthd. Other authentication methods use the corresponding
sasl library plugins.
I have a running Murder where all the murder-internal technical accounts
are to be found in /etc/sasldb2, and authenticated to using DIGEST-MD5,
whereas the "real" user accounts are authenticated using PLAIN/LOGIN and
saslauthd->pam->pam-radius->radius. Frontends don't have the DIGEST-MD5
method enabled, so that clients won't try to authenticate using it.
--Janne Peltonen
Univ of Helsinki
--
Janne Peltonen <janne.peltonen at helsinki.fi>
More information about the Info-cyrus
mailing list