
Re: ldapdb troubleshooting

> > authenticate with the LDAP repository. I started with imap and immediately 
> > ran into trouble. This is what imtest wrote to auth.log:
> Not a direct answer, but if you just want cyrus to use ldap user/pass for 
> I've found it much simpler to use pam_ldap via saslauthd.

I understood that there's a major difference in that ldapdb is supposed to
retrieve the password from the LDAP repository (using a controlled, secure
channel) and perform SASL auth between client and server, which can
also be chosen to be secure (e.g. DIGEST-MD5).

pam_ldap, in contrast, authenticates a credential sent to the server with the
LDAP repository. Therefore, the credential sent by the client must be
decodable, which is a major weakness in the protocol.

Am I mistaken about that?

Have fun,
 - lars.
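
The difference discussed in the message above, as an added example that is not part of the original post: a DIGEST-MD5 exchange (RFC 2831, qop=auth) that the server verifies from a password it looked up itself, next to a PLAIN message (RFC 4616) from which the server recovers the password. The user, realm, nonces, password and the function names are constructed for illustration, and the two "server" functions are simplified models of the ldapdb and saslauthd/pam_ldap paths, not Cyrus SASL code.

```python
import base64
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response for qop=auth without authzid."""
    # A1 begins with the raw 16-byte hash of user:realm:password, not its hex form.
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

def server_verify_digest(stored_password, fields, response):
    """ldapdb model: the server reads the stored password from the
    directory and recomputes the response; the client never sends it."""
    expected = digest_md5_response(password=stored_password, **fields)
    return hmac.compare_digest(expected, response)

def plain_message(user, password):
    """RFC 4616 PLAIN: authzid NUL authcid NUL passwd, base64 in the protocol."""
    return base64.b64encode(f"\0{user}\0{password}".encode())

def server_recover_plain(wire):
    """saslauthd/pam_ldap model: the server decodes the password so that it
    can be presented to the directory."""
    _authzid, user, password = base64.b64decode(wire).decode().split("\0")
    return user, password

# Constructed sample values, not taken from the thread.
FIELDS = dict(user="lars", realm="example.org", nonce="c2FtcGxlLW5vbmNl",
              cnonce="Y2xpZW50LW5vbmNl", nc="00000001",
              digest_uri="imap/mail.example.org")
PASSWORD = "correct horse"

if __name__ == "__main__":
    resp = digest_md5_response(password=PASSWORD, **FIELDS)
    print("DIGEST-MD5 response:", resp)
    print("verified from stored password:", server_verify_digest(PASSWORD, FIELDS, resp))
    wire = plain_message(FIELDS["user"], PASSWORD)
    print("PLAIN on the wire:", wire.decode())
    print("server recovers:", server_recover_plain(wire))
```

The digest path only works if the directory can hand the server the password in a form usable for recomputing the response, while the PLAIN path depends on the transport (for example TLS) to protect the decodable credential.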