[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL and non-cleartext passwords storage

Hi List,

I'm working on a setup where postfix and cyrus-imap do proxy authorization against openldap (my setup is here http://1nw.eu/!cD ). I love this solution, it's a lot more elegant that using saslauthd. But I'm concerned about passwords stored in cleartext, as required by DIGEST-MD5.

I know of the many ways to protect the data stored in openldap (file system encryption, etc...), but if somebody gets a root access, passwords will be disclosed, and I want to prevent that.

My question is: Is there a way to use hashed passwords with sasl and proxy authorization ?