[Date Prev][Date Next]
RE: slap_sasl_checkpass - why?
> -----Original Message-----
> From: Luke Howard [mailto:lukeh@PADL.COM]
> >If you want to do a simple bind, why not just stick the actual
> password in
> >your userPassword attribute in the first place?
> I though the real idea was to support in-directory secret storage
> for non-plain mechanisms. But IIRC most of those mechanisms actually
> require access to the plaintext password to generate a hash, rather
> than verifying the user-supplied credentials against the in-directory
> passwords, which is what the checkpass API supports.
Yes, Hmmm. To support in-directory storage for other mechanisms you need to
either patch the Cyrus sasldb.c or write a separate new Cyrus plugin.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support