On 18.09.2011 12:30, Jacobus brogly.decap wrote:
Sure, just choose "a schema" there are many hashes to choose from SHA1-SHA2, MD5 etc...you can look it up in the admin guide on the openldap.org [2] website...setting it up is really trivial!
How is this going to work with proxy authorization ? the ldapdb auxprop plugin in postfix doesn't work with hash passwords. Should I go back to using saslauthd ?
2011/9/18 Julien Vehent
Hi List,
I'm working on a setup where postfix and cyrus-imap do proxy authorization against openldap (my setup is here http://1nw.eu/!cD [1] ). I love this solution, it's a lot more elegant that using saslauthd. But I'm concerned about passwords stored in cleartext, as required by DIGEST-MD5.
I know of the many ways to protect the data stored in openldap (file system encryption, etc...), but if somebody gets a root access, passwords will be disclosed, and I want to prevent that.
My question is: Is there a way to use hashed passwords with sasl and proxy authorization ?
Thanks, Julien
Links: ------ [1] http://1nw.eu/!cD [2] http://openldap.org [3] mailto:julien@linuxwall.info
openldap-technical@openldap.org