[prev in list] [next in list] [prev in thread] [next in thread]
List: info-cyrus
Subject: Re: auxprop ldapdb
From: Adam Tauno Williams <awilliam () whitemice ! org>
Date: 2012-08-30 10:20:49
Message-ID: 1346322049.2843.5.camel () workstation ! wmmi ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do i have to store my user password in clear in ldap or is the another
> solution
Technically, no. Generally, yes.
I have some information & examples concerning ldapdb @
<http://www.wmmi.net/documents/LDAP103.pdf> [starting around slide 13].
People get uneasy about storing clear-text in the DSA but it doesn't
bother me. You are either storing it in the DSA or .... sending it over
the wire! Which is worse? And if someone breaches the security of your
DSA / DC then you are humped anyway.
> For the moment I m using saslauthd.conf but I wonder if I can use
> auxprop to be more secure
Yes, then you can use much more secure authentication mechanisms such as
digest. Clear text auth with encrypted stored passwords is like buying
a handgun to protect your home but always leaving the doors and windows
wide open.
["signature.asc" (application/pgp-signature)]
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic