[Dovecot] LDAP authentication windows 2003

Steffen Kaiser skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Thu Nov 9 15:19:28 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 9 Nov 2006, Timo Sirainen wrote:

> Umm.. The auth bind succeeds with the empty password?
>
> So should I just add a check that empty password will always fail if
> auth_bind=yes? This prevents having users who don't have a password (eg.
> they'd be proxied elsewhere), but I guess it's not that important.

How about a "#permit_empty_passwords = yes" option in passdb backends?
Not that I use accounts with empty passwords, but just in case.

Bye,

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQEVAwUBRVNHBS9SORjhbDpvAQKsFQf+OrvK8xyJvH0VIB5EVlT8aQUUv55bmt7p
xgKdamg2WaFvIhBU/Y7r4o69zh5gkSh0e1jaVoYzbSeRcohjPmoUOPr7C58cV6Ru
dsXeArTDOqfYf28/GG6Kw3zCZAfkKywJ5IZv9nn1PhGn4mC7pyunBoFOqwaR55wb
yXSLaA273Jit4GAPdpVY1zsG5KuaNm9qgAUQ2y3aHqA+5HcwtJig8zE9qT/zNf+f
qwpStG/znl9NM68V6kzsXuQBvByLtTeNZAKVubRKsgKT7neH8nO2Myxk4oo+Ynq4
5erwP5QslPldl9LOE1Wa2+m2NoR38ALIJlJOR+PAhYL/VTIe44naTA==
=ihP3
-----END PGP SIGNATURE-----


More information about the dovecot mailing list