[Date Prev][Date Next] [Chronological] [Thread] [Top]

Digest-MD5 Using Cyrus SASL over TLS storing passwords in LDAP



Hi everyone,
     I'm looking to use SASL over TLS for my LDAP authentication.  I've got
TLS up and working.  (Thanks a lot Kent Soper and Stephen Frost).  Now I'm
trying to tackle the SASL part.  I'd like to get to LDAP v3 compliant
eventually, so I'm looking to use Digest MD-5.  However, the only
documentation I've found says that I've got to have additional password
info stored in the SASL db or else leave passwords unencrypted in the LDAP
directory.
     Does anyone know of a good tutorial or HOW-TO for SASL?  My goals is
to use LDAP and Samba to authenticate Windows users to a server (don't want
it to be a PDC) in as secure a fashion as possible without using Kerberos.
I'd really rather not have unencrypted passwords in my LDAP directory, but
I don't know how having another password pair stored in the SASL db is
going to complicate password/account maintenance.  Any insight would be
appreciated.

Thanks,
Jason McGlamary

Associate Application Specialist
Division of Nursing - Nursing Informatics
Washington Hospital Center