CRAM-MD5 with saslauthd
Sven Schwedas
sven.schwedas at tao.at
Thu Mar 12 12:48:10 EDT 2015
On 2015-03-12 17:42, Geoff Winkless wrote:
> On 12 March 2015 at 16:04, Vladislav Kurz <vladislav.kurz at webstep.net
> <mailto:vladislav.kurz at webstep.net>>wrote:
>
> __
>
> On Thursday 12 of March 2015 Ram <ram at netcore.co.in
> <mailto:ram at netcore.co.in>> wrote:
>
>
>
> > > You need access to plaintext passwords for CRAM/DIGEST-MD5.
>
> > >
>
> > > LDAP and saslauthd do not provide that.
>
> >
>
> > How can I use CRAM-MD5 with passwords stored in LDAP (in MD5 format )
>
> > then ?
>
> >
>
> > I need to disable plain & login methods and cannot store passwords in
>
> > plain text too.
>
>
>
> I'm afraid you are trying to do impossible things. Read more about
> how cram-md5 works. You can eforce ssl/tls encryption and use
> plain/login auth.
>
>
> The definition of "plain text" doesn't mean that it cannot be stored in
> a retrievable form. You could make a fairly simple patch to retrieve the
> ciphertext from a ROT13 store, as an extreme example :)
AD supports an (AES-based, I think?) "reversible encryption" option for
their LDAP passwords. This might be the sanest venue for this kind of
"feature".
>
> G
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150312/0f5e8d37/attachment.bin
More information about the Info-cyrus
mailing list