Sebastiaan van Erk wrote:
> When I set the password for a mail user using ldappasswd, everything
> works fine and well. When I change the password using the squirrelmail
> password change plugin, courier no longer authenticates my user:
...
> However when I change the ldapauth flag LDAP_AUTHBIND to 1 and restart
> courier-authdaemon, then it does work:
I believe that's because SSHA hashes are supported by openldap (which
means AUTHBIND will work when using an SSHA hash), but not by
courier-authlib.
AUTHBIND is usually the way that LDAP clients authenticate. Allowing
them to read the hash directly should be avoided whenever possible. If
you have a reason to expose the hashes to clients, you will probably
need to use a less secure, but more widely supported hash method. I
think you can put:
password-hash {CRYPT}
in slapd.conf to use crypt() style hashes by default.
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
