[Dovecot] 'Bind'-method authentication for LDAP
Has there been any thought given to implementing authentication via an LDAP 'bind', rather than by a password lookup and hash comparison? Doing a bind would obviate the need to make the passwords readable by the dovecot process and would lend itself to improved security.
Phillip Needham Principal, iBright Consulting phillip@ibright.net 614-783-3301
Yes, would be nice! We're achieving pretty much the same thing with PAM and pam_ldap to Active Directory, but we're lucky that user accounts are also in NIS (though I can also get it to work with userdb = static if I chgrp all the mailboxes).
Chris
Phillip Needham wrote:
> Has there been any thought given to implementing authentication via an LDAP 'bind', rather than by a password lookup and hash comparison? Doing a bind would obviate the need to make the passwords readable by the dovecot process and would lend itself to improved security.
> Phillip Needham Principal, iBright Consulting phillip@ibright.net 614-783-3301
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
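
The difference raised in the original question, as an added example that is not part of the thread and is not Dovecot code: password lookup requires the directory to release stored hashes to the mail service, while a bind keeps verification inside the directory. `ToyDirectory`, its methods and the DNs are constructed stand-ins for a real LDAP server, and the example goes slightly beyond the thread by also guarding against empty-password binds.

```python
import hashlib, hmac, os

class ToyDirectory:  # constructed in-memory stand-in for an LDAP server, not a real API
    def __init__(self):
        self._creds = {}                # dn -> (salt, password hash)
        self.password_readers = set()   # DNs whose ACL allows reading the hash

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def add(self, dn, password):
        salt = os.urandom(16)
        self._creds[dn] = (salt, self._hash(salt, password))

    def bind(self, dn, password):
        # Verified inside the directory; the stored hash never leaves it.
        # An unknown DN gets an empty record, so it fails like a wrong password.
        salt, stored = self._creds.get(dn, (b"", b""))
        return hmac.compare_digest(stored, self._hash(salt, password))

    def read_password(self, requester_dn, target_dn):
        # A password lookup hands the hash to the caller, so it needs an ACL.
        if requester_dn not in self.password_readers:
            raise PermissionError(f"{requester_dn} may not read userPassword")
        return self._creds[target_dn]

def auth_by_lookup(directory, service_dn, user_dn, password):
    # The mail service fetches the hash and does the comparison itself.
    salt, stored = directory.read_password(service_dn, user_dn)
    return hmac.compare_digest(stored, ToyDirectory._hash(salt, password))

def auth_by_bind(directory, user_dn, password):
    # Some LDAP servers accept a simple bind with an empty password as an
    # unauthenticated bind, so refuse empty passwords before binding.
    return bool(password) and directory.bind(user_dn, password)

def demo():
    d = ToyDirectory()
    service = "cn=mailservice,dc=example,dc=com"    # constructed service DN
    user = "uid=alice,ou=people,dc=example,dc=com"  # constructed user DN
    d.add(user, "correct horse")
    out = [auth_by_bind(d, user, p) for p in ("correct horse", "wrong", "")]
    try:
        auth_by_lookup(d, service, user, "correct horse")
    except PermissionError:
        out.append("denied")        # no ACL grant: lookup fails, bind still works
    d.password_readers.add(service)  # the grant that bind makes unnecessary
    out.append(auth_by_lookup(d, service, user, "correct horse"))
    return out
```

Once the service account is in `password_readers`, anything that compromises that account can read every user's hash; the bind path never requires that grant.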