
Re: Security [checked for viruses]



Marcio Scheibler wrote the following on 01.02.2005 17:00:

You should have posted this back to the list. :-)

That's right. With simple auth you don't need to store clear passwords
in your directory and TLS (if it's correctly configured) keeps them secret on the wire.

As a general rule, Kerberos passwords are stored in the KDC, not in the directory (except with the LDAP backend for Heimdal). Passwords don't need to run through the wire between LDAP server and client. Besides, you can use the same password for logging in both to the directory and to your Unix/Linux system.
So far I know.
I would like to pull through without Kerberos, if possible.

One way could be configuring Postfix (for SMTP-Auth) and Cyrus IMAPd with SASLAuthd to use OpenLDAP. SASLAuthd can use TLS and authenticate to OpenLDAP with certs. Does SASLAuthd verify the passwords itself by comparing, or does it do a bind with the originally given user credentials again?

I know, this is only "related" to OpenLDAP. It's hard for me to understand all these SASL and OpenSSL background topics.
Any hints?
http://www.bayour.com/LDAPv3-HOWTO.html
This was unreadable last week, when I searched for it.


Hans