auxprop ldapdb

Adam Tauno Williams awilliam at whitemice.org
Thu Aug 30 06:20:49 EDT 2012


On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do I have to store my user password in clear in ldap or is there another
> solution

Technically, no.  Generally, yes.

I have some information & examples concerning ldapdb @
<http://www.wmmi.net/documents/LDAP103.pdf> [starting around slide 13].

People get uneasy about storing clear-text in the DSA but it doesn't
bother me.  You are either storing it in the DSA or .... sending it over
the wire!  Which is worse?  And if someone breaches the security of your
DSA / DC then you are humped anyway.

> For the moment I'm using saslauthd.conf but I wonder if I can use 
> auxprop to be more secure

Yes, then you can use much more secure authentication mechanisms such as
digest.  Clear text auth with encrypted stored passwords is like buying
a handgun to protect your home but always leaving the doors and windows
wide open.
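The trade-off discussed in this message, as an added example that is not part of the original post or of Cyrus SASL: a DIGEST-MD5 response (computed per RFC 2831, `qop=auth`, no authzid) can only be checked by a server that can read the cleartext password, while a salted `{SSHA}` value can only be checked when the client sends the password itself. All names, the user, realm and nonces are constructed for illustration.

```python
import base64
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(username, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response value for qop=auth without authzid."""
    # A1 embeds the raw MD5 of user:realm:password, so the password (or this
    # password-equivalent hash) must be available to whoever computes it.
    a1 = _md5(f"{username}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()

def ssha(password: str, salt: bytes) -> str:
    """Salted SHA-1 in the {SSHA} form commonly stored in userPassword."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_plain(stored: str, password: str) -> bool:
    """PLAIN-style check: the password crossed the wire, so a hash suffices."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def server_verify_digest(stored: str, client_response: str, **params):
    """Digest check on the server. Returns None when the stored value is hashed.

    Simplification (assumption): any value starting with '{' is treated as a
    hashed scheme; everything else is treated as cleartext.
    """
    if stored.startswith("{"):
        return None  # MD5(user:realm:pass) cannot be derived from a salted SHA-1
    expected = digest_md5_response(password=stored, **params)
    return hmac.compare_digest(expected, client_response)

# Constructed sample exchange (hypothetical user, realm and nonces).
PARAMS = dict(username="zorg", realm="example.org", nonce="srvNonce123",
              cnonce="cliNonce456", nc="00000001", digest_uri="imap/mail.example.org")

if __name__ == "__main__":
    resp = digest_md5_response(password="s3cret", **PARAMS)
    print("client response:", resp)
    print("cleartext store:", server_verify_digest("s3cret", resp, **PARAMS))
    print("{SSHA} store   :", server_verify_digest(ssha("s3cret", b"salt"), resp, **PARAMS))
    print("PLAIN vs {SSHA}:", verify_plain(ssha("s3cret", b"salt"), "s3cret"))
```
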