subject:"auxprop ldapdb"

Re: auxprop ldapdb

2012-08-30 Thread Adam Tauno Williams

On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do i have to store my user password in clear in ldap or is the another 
> solution

Technically, no.  Generally, yes.

I have some information & examples concerning ldapdb @
 [starting around slide 13].

People get uneasy about storing clear-text in the DSA but it doesn't
bother me.  You are either storing it in the DSA or  sending it over
the wire!  Which is worse?  And if someone breaches the security of your
DSA / DC then you are humped anyway.

> For the moment I m using saslauthd.conf but I wonder if I can use 
> auxprop to be more secure

Yes, then you can use much more secure authentication mechanisms such as
digest.  Clear text auth with encrypted stored passwords is like buying
a handgun to protect your home but always leaving the doors and windows
wide open.

signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: auxprop ldapdb

2012-08-28 Thread Marc Patermann

zorg,

zorg schrieb (28.08.2012 12:46 Uhr):

> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do i have to store my user password in clear in ldap or is the another 
> solution
You don't have to store the password in cleartext.
But you cannot use shared secret mechanisms with hashed passwords IMHO, 
but this is not special to ldapdb.


Marc

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

auxprop ldapdb

2012-08-28 Thread zorg

Hello
the documentation is not very clear to me
If I want to use auxprop with ldapdb
Do i have to store my user password in clear in ldap or is the another 
solution

For the moment I m using saslauthd.conf but I wonder if I can use 
auxprop to be more secure

Thanks

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: auxprop ldapdb

Re: auxprop ldapdb

auxprop ldapdb

3 matches

Site Navigation

Mail list logo

Footer information