[Date Prev][Date Next]
Re: SASL and non-cleartext passwords storage
On 18.09.2011 12:30, Jacobus brogly.decap wrote:
Sure, just choose "a schema" there are many hashes to choose from
SHA1-SHA2, MD5 etc...you can look it up in the admin guide on the
openldap.org  website...setting it up is really trivial!
How is this going to work with proxy authorization ?
the ldapdb auxprop plugin in postfix doesn't work with hash passwords.
Should I go back to using saslauthd ?
2011/9/18 Julien Vehent
I'm working on a setup where postfix and cyrus-imap do proxy
authorization against openldap (my setup is here http://1nw.eu/!cD
). I love this solution, it's a lot more elegant that using
But I'm concerned about passwords stored in cleartext, as required
I know of the many ways to protect the data stored in openldap (file
system encryption, etc...), but if somebody gets a root access,
passwords will be disclosed, and I want to prevent that.
My question is: Is there a way to use hashed passwords with sasl and
proxy authorization ?