Re: Security [checked for viruses]
Marcio Scheibler wrote the following on 01.02.2005 17:00:
You should have posted this back to the list. :-)
That's right. With simple auth you don't need to store clear passwords
in your directory and TLS (if it's correctly configured) keeps them
secret on the wire.
As a general rule Kerberos passwords are stored in the KDC, not in the directory
(except with the LDAP backend for Heimdal). Passwords don't need to run
through the wire between LDAP server and client. Besides, you can use
the same password for logging in both in directory and in your Unix/Linux
As far as I know.
I would like to pull through without Kerberos, if possible.
One way could be configuring Postfix (for SMTP-Auth) and Cyrus IMAPd
with SASLAuthd to use OpenLDAP. SASLAuthd can use TLS and authenticate
to OpenLDAP with certs. Does SASLAuthd verify the passwords itself by
comparing, or does it do a bind with the originally given user credentials again?
I know, this is only "related" to OpenLDAP. It's hard for me to
understand all these SASL and OpenSSL background topics.
http://www.bayour.com/LDAPv3-HOWTO.html
This was unreadable last week, when I searched for it.