Howard Chu wrote: > Michael Ströder wrote: >> 4. In case of SASL mechanisms which require 'userPassword' value(s) in clear >> you would have to implement a reversible encryption password storage schema in >> an OpenLDAP overlay and adapt some other layer/components to correctly use it. > > The SASL SCRAM mechanism works without a plaintext userPassword. Yes, but AFAIK not the current cyrus-sasl implementation. Not to speak of lack of support by client implementations... Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature