Hi Hadmut,
You can keep crypted passwords in LDAP also. See man (8) slappasswd:
-h scheme If -h is specified, one of the following RFC 2307 schemes may be specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The default is {SSHA}.
Note that scheme names may need to be protected, due to { and }, from expansion by the user's command interpreter.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed.
{CRYPT} uses the crypt(3).
{CLEARTEXT} indicates that the new password should be added to userPassword as clear text.
Tuesday, August 7, 2007, 9:38:20 AM, you wrote:
Hi,
just a question:
I know that dovecot supports SASL authentication and supports LDAP. Which means that dovecot performs the SASL methods itself and stores the plaintext secret on LDAP.
But is it also possible to have the LDAP do the SASL work and dovecot just pass SASL messages through? Even when the LDAP server uses a proprietary SASL method not supported by dovecot?
regards Hadmut
-- Sergey
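
Added example, not part of the original messages and not OpenLDAP's or dovecot's code: how the hashed RFC 2307 userPassword values listed in the slappasswd excerpt above are built and checked, with the seed appended to the digest before base64 encoding. The function names and the 8-byte default salt are assumptions made here; {CRYPT} is left out because it depends on the platform's crypt(3).

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Hashed schemes from the man page excerpt: name -> (digest constructor, salted?)
SCHEMES = {
    "SHA": (hashlib.sha1, False),
    "SSHA": (hashlib.sha1, True),
    "MD5": (hashlib.md5, False),
    "SMD5": (hashlib.md5, True),
}


def make_hash(password: bytes, scheme: str = "SSHA",
              salt: Optional[bytes] = None) -> str:
    """Build a userPassword value: {SCHEME}base64(digest(password + salt) + salt)."""
    algo, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # assumed length; verify() accepts any length
    digest = algo(password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def verify(password: bytes, stored: str) -> bool:
    """Check a password against a stored {SCHEME}... value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    scheme, _, payload = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(password, payload.encode("utf-8"))
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(payload)
    size = algo().digest_size
    digest, salt = raw[:size], raw[size:]  # salt is whatever follows the digest
    if len(digest) != size or (salt and not salted):
        raise ValueError("payload length does not match scheme")
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(algo(password + salt).digest(), digest)


if __name__ == "__main__":
    value = make_hash(b"constructed-sample-password")  # constructed input
    print(value, verify(b"constructed-sample-password", value))
```

The unsalted {SHA} and {MD5} forms give the same output for the same password on every entry, which is why the man page's default is the salted {SSHA}.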