All passwords are already stored in a kerberos server _AND_ a plaintext file (could be SQL, but this wouldn't change anything as this would be a plaintext store anyway). However, I still need 2 password's DB to provide all authentication possibilities. My goal is to have only one encrypted DB to hold all of the authentication data. And this DB has to be a kerberos server in order to provide GSSAPI auth. The passwords should be the same for reading mail and for sending mails as most (all?) users won't use a different password for sending and for receiving, and I certainly don't configure 2 different realms for sending and receiving as it would be the same as using 2 DB.
W B Hacker wrote: > Renaud Allard wrote: > >> Well, in fine, I'd like all user's passwords to be stored >> encrypted into a kerberos server. > > IF '...I'd like....' means you have an operational need for > such things, then smtp itself is the wrong tool for the job. > > Google 'Defense Messaging Service'. And trust than much of the > content is encrypted independently of the transmission network. > >> Exim does not support (without cyrus-sasl) DIGEST-MD5 and >> GSSAPI, and it doesn't support bsdauth as a password > > database. However, with cyrus-sasl, it supports everything I > > need. >> Dovecot doesn't support checking anything against cyrus-sasl, >> but knows about GSSAPI with its own sasl library. > > IMAP/POP and smtp only interact in the mailstore. They may exist > on the same server, but are not required to do so, as long as > both have access to the mailstore. Likewise their auth mechanisms. > > Nothing prevents you using the same DB for multiple types of > auth. All you need is fields for each in a given record, and > appropriate key fields to find that record. These can be in a > single record, in a common DB, multiple records in a common DB, > or records in a separate. > > Nothing prevents you configuring a full-featured MUA to provide > different information for smtp login than for POP/IMAP login. > -- .O. ..O OOO PGP key: http://www.llorien.org/gnupg/key.pub
signature.asc
Description: OpenPGP digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
