
Security [checked for viruses]


To prevent sniffing of clear text passwords there are a few methods available with OpenLDAP. Which of them are useful when OpenLDAP will be used especially with Postfix and Cyrus IMAPd? I don't want to store authentication data anywhere other than in LDAP (i.e. no sasldb2).

The "easiest" way may be server-side encryption with TLS. STARTTLS works before the bind operation, so even simple bind clear text passwords are encrypted. Am I right?
Using the CRAM-MD5 or DIGEST-MD5 mechs needs plain text passwords in the userpasswd attribute to create the challenge. Is that true?

I'm sure someone has done this before (with or without Kerberos). [We don't have any Kerberos infrastructure yet.]
I know, this is only "related" to OpenLDAP. It's hard for me to understand all these SASL and OpenSSL background topics.
Any hints?