Security [virus checked]
To prevent sniffing clear text passwords there are a few methods
available with OpenLDAP. Which of them are useful when OpenLDAP will be
used especially with Postfix and Cyrus IMAPd? I don't want to store
authentication data elsewhere than in LDAP (i.e. no sasldb2).
The "easiest" way may be server-side encryption with TLS. STARTTLS works
before the bind operation, so even simple bind clear text passwords are
encrypted. Am I right?
To use the CRAM-MD5 or DIGEST-MD5 mechanisms, plain text passwords are
needed in the userpasswd attribute to create the challenge. Is that true?
I'm sure someone has done this before (with or without Kerberos). [We
don't have any Kerberos-infrastructure yet.]
I know, this is only "related" to OpenLDAP. It's hard for me to
understand all these SASL and OpenSSL background topics.
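
An added example, not part of the original post: it works through the CRAM-MD5 case asked about above (RFC 2195), showing that the server must key the HMAC with the same secret the client used, so a salted {SSHA} value cannot verify the response, while a simple bind (protected by TLS) can be checked against the hash. DIGEST-MD5 is not shown; all names and sample values are constructed.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): user, space, hex HMAC-MD5 of the challenge keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"

def ssha(password, salt):
    """Salted SHA-1 as commonly stored in LDAP: base64(SHA1(password + salt) + salt)."""
    h = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(h + salt).decode()

def verify_cram_md5(stored_secret, challenge, response):
    """Server side: recompute the HMAC with whatever the directory holds as the key."""
    _user, _, digest = response.partition(" ")
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def verify_simple_bind(stored_ssha, password):
    """Simple bind: the server receives the password itself and re-hashes it with the stored salt."""
    raw = base64.b64decode(stored_ssha[len("{SSHA}"):])
    salt = raw[20:]  # SHA-1 digest is 20 bytes, the rest is the salt
    return hmac.compare_digest(ssha(password, salt), stored_ssha)

# Constructed sample values (assumptions, not from the post)
USER = "alice"
PASSWORD = "s3cret-example"
CHALLENGE = b"<1896.697170952@mail.example.org>"
SALT = b"\x01\x02\x03\x04"

def demo():
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    hashed = ssha(PASSWORD, SALT)
    return {
        # Directory stores the cleartext password: challenge-response verifies.
        "cram_with_cleartext": verify_cram_md5(PASSWORD, CHALLENGE, response),
        # Directory stores only {SSHA}: the server cannot rebuild the client's HMAC key.
        "cram_with_ssha": verify_cram_md5(hashed, CHALLENGE, response),
        # Simple bind sends the password, so the hash is enough.
        "simple_bind_with_ssha": verify_simple_bind(hashed, PASSWORD),
    }

if __name__ == "__main__":
    print(demo())
```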