Re: (ITS#5195) ssf not available during sasl bind

--On Saturday, October 27, 2007 3:00 AM +0000 quanah@zimbra.com wrote:

> access to userPassword
> 	by users sasl_ssf=128 read break
> 	by users tls_ssf=128 read

Replace users by self, sorry.  Obviously you don't want any user to read 
it. ;)  Although hm, anonymous needs access at least for auth, so:

access to userPassword
	by anonymous auth
	by self sasl_ssf=128 read break
	by self tls_ssf=128 read

Note that in the anonymous access case, the user password is never 
transmitted from the server end, in any case.

You could do a similar requirement as above, something like:

access to userPassword
	by anonymous sasl_ssf=128 auth break
	by anonymous tls_ssf=128 auth
	by self read

(At this point, you've forced any user to be encrypted, so no need to 
duplicate the requirements on the read access).



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
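
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how the first matching "by" clause decides access to userPassword for the last ACL in the message, with each clause written in slapd.access(5) field order (who with its ssf minimums, then access level, then control). The function names and the connection values are assumptions made for the illustration.

```python
# Simplified model of a single slapd "access to userPassword" directive.
# Assumed: slapd.access(5) clause order; connection dicts are constructed samples.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
SSF_KEYS = {"ssf", "transport_ssf", "tls_ssf", "sasl_ssf"}
CONTROLS = {"stop", "break"}  # either one ends evaluation of this one directive

ACL = [
    "by anonymous sasl_ssf=128 auth break",
    "by anonymous tls_ssf=128 auth",
    "by self read",
]

def parse_by(clause):
    """Split 'by <who> [<ssf-key>=<n>]... <access> [<control>]' into its parts."""
    tokens = clause.split()
    if len(tokens) < 3 or tokens[0] != "by":
        raise ValueError(f"not a by clause: {clause!r}")
    who, required, access, control = tokens[1], {}, None, "stop"
    for tok in tokens[2:]:
        key, _, val = tok.partition("=")
        if access is None and key in SSF_KEYS and val.isdigit():
            required[key] = int(val)  # minimum strength, part of the <who> field
        elif access is None and tok in LEVELS:
            access = tok
        elif access is not None and tok in CONTROLS:
            control = tok
        else:
            raise ValueError(f"unexpected token {tok!r} in {clause!r}")
    if access is None:
        raise ValueError(f"no access level in {clause!r}")
    return who, required, access, control

def who_matches(who, required, conn):
    """True when the identity matches and every required ssf minimum is met."""
    bound = conn.get("dn")  # None models an anonymous session
    identity_ok = {
        "anonymous": bound is None,
        "users": bound is not None,
        "self": bound is not None and bound == conn.get("entry"),
    }[who]
    return identity_ok and all(conn.get(k, 0) >= n for k, n in required.items())

def granted(acl, conn):
    """Access level from the first matching clause; no match means none."""
    for clause in acl:
        who, required, access, _control = parse_by(clause)
        if who_matches(who, required, conn):
            return access
    return "none"
```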