CRAM-MD5 with saslauthd

Sven Schwedas sven.schwedas at tao.at
Thu Mar 12 12:48:10 EDT 2015


On 2015-03-12 17:42, Geoff Winkless wrote:
> On 12 March 2015 at 16:04, Vladislav Kurz <vladislav.kurz at webstep.net> wrote:
>
>     On Thursday 12 of March 2015 Ram <ram at netcore.co.in> wrote:
>
>     > > You need access to plaintext passwords for CRAM/DIGEST-MD5.
>     > > LDAP and saslauthd do not provide that.
>     >
>     > How can I use CRAM-MD5 with passwords stored in LDAP (in MD5 format)
>     > then?
>     >
>     > I need to disable plain & login methods and cannot store passwords in
>     > plain text too.
>
>     I'm afraid you are trying to do impossible things. Read more about
>     how cram-md5 works. You can enforce ssl/tls encryption and use
>     plain/login auth.
>
> The definition of "plain text" doesn't mean that it cannot be stored in
> a retrievable form. You could make a fairly simple patch to retrieve the
> ciphertext from a ROT13 store, as an extreme example :)

AD supports an (AES-based, I think?) "reversible encryption" option for
their LDAP passwords. This might be the sanest venue for this kind of
"feature".

>> G

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
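
How the CRAM-MD5 exchange discussed in this thread works, as an added example that is not part of the original messages: the server has to recompute HMAC-MD5 over its own challenge with the same secret the client used, so an MD5 digest of the password held in LDAP cannot verify the response. The user, secret and challenge are the RFC 2195 sample values; the function names and the unsalted MD5 store are assumptions for illustration.

```python
import hashlib
import hmac


def cram_md5_response(username: str, secret: bytes, challenge: bytes) -> str:
    """Client side: user name, a space, then hex HMAC-MD5(secret, challenge)."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def server_verify(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC from whatever the backend stores."""
    _user, _, client_digest = response.rpartition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, client_digest)


# Sample values from the RFC 2195 example exchange.
USER = "tim"
SECRET = b"tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def demo() -> dict:
    response = cram_md5_response(USER, SECRET, CHALLENGE)
    # Assumption: the LDAP "MD5 format" entry is modelled as a plain,
    # unsalted MD5 digest of the password.
    md5_in_ldap = hashlib.md5(SECRET).digest()
    return {
        # Backend can hand the server the original secret: response verifies.
        "plaintext_store": server_verify(SECRET, CHALLENGE, response),
        # Backend only has MD5(password): the HMAC key differs, so the
        # same correct response is rejected.
        "md5_store": server_verify(md5_in_ldap, CHALLENGE, response),
    }


if __name__ == "__main__":
    print(cram_md5_response(USER, SECRET, CHALLENGE))
    print(demo())
```

The password itself never crosses the wire in this exchange, so the server has nothing to pass to a checker that only answers yes or no for a submitted user/password pair. Any stored form that does let the server verify the response is also enough to compute valid responses, so it needs the same protection as the plaintext password.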
