[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and non-cleartext passwords storage

Julien Vehent wrote:
This method is nice because it avoid having an additional software in
between postfix and cyrus (pam-ldap or saslauthd). But the problem is
that ldapdb requires to use DIGEST-MD5 and therefore to store the
passwords in cleartext in the directory.

ldapdb doesn't require any such thing. DIGEST-MD5 requires plaintext. If you don't want to store plaintext passwords, don't use DIGEST-MD5.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/