alternative login names
Wolfgang Rosenauer
wrosenauer at gmail.com
Mon Feb 4 15:06:20 EST 2013
On Mon, Feb 4, 2013 at 6:44 PM, Marc Patermann <
hans.moser at ofd-z.niedersachsen.de> wrote:
> Wolfgang
>
> Wolfgang Rosenauer schrieb (04.02.2013 18:03 Uhr):
>
>
> I played around some more with openldap's SASL and ran exactly into the
>> issue that SASL seems to explicitely _not_ support CRYPT userPasswords.
>> So yes, keeping saslauthd using PAM would help with that.
>>
> What did you test? (I did not do it myself.)
> Like an ldapsearch with "-Y cram-md5" or "-Y plain" both do not work
> against an object where userPassword is encrypted with CRYPT?
> And both do work while it is encrypted with like SHA or unencrypted?
>
DIGEST-MD5 did not work (as expected) and PLAIN also failed with
slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined
SASL [conn=1004] Failure: Password verification failed
When I googled for that issue I found statements that SASL cannot handle
CRYPT passwords and tries to fall back to cmusaslsecret what I do not have.
I haven't tried plain passwords since I have no test setup at the moment
and didn't want to kill the production mail server.
Wolfgang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20130204/e03739ef/attachment.html
More information about the Info-cyrus
mailing list