[Dovecot] Trying nonplaintext mech with LDAP password-hash

dovecotlist at encambio.com dovecotlist at encambio.com
Thu Apr 9 02:10:29 EEST 2009


Hello Timo,

On Wed, Apr 08, 2009, Timo Sirainen wrote:
>On Thu, 2009-04-09 at 00:31 +0200, dovecotlist at encambio.com wrote:
>> I've already verified that this works correctly with plaintext
>> (CLEARTEXT in slapd.conf), but I really want to store the passwords
>> in LDAP using some hash. Why doesn't LDAP-MD5 work as advertised?
>
>Because it's impossible to support it. Read
>http://wiki.dovecot.org/Authentication/Mechanisms
>
>> What did the author mean by 'properly hashed passwords'? Thanks.
>
>I made it a link now to
>http://wiki.dovecot.org/Authentication/PasswordSchemes#Non-plaintext_authentication_mechanisms
>
The new text clears up the confusion. Before, it sounded as if at least
CRAM-MD5 could be implemented with MD5 encoded password storage. I
suppose if LDAP could store passwords in CRAM-MD5 format (whatever
that is) then this goal would be achievable. Reading slapd.conf(5),
it seems LDAP can only store {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT},
and {CLEARTEXT}. It's probably in the RFC, and CRAM-MD5 is missing
from the list.

How sad.

-- 
Eduard
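
Added example (not part of the original message and not Dovecot or OpenLDAP code): a sketch of the CRAM-MD5 exchange showing why a server that holds only an LDAP {MD5} value cannot check the client's reply, while one holding the plaintext can. The user name, password, challenge and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def ldap_md5(password: bytes) -> str:
    """userPassword value under the unsalted {MD5} scheme."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password).digest()).decode()

def client_response(user: str, password: bytes, challenge: bytes) -> str:
    """CRAM-MD5 reply: base64("user " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    mac = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {mac}".encode()).decode()

def _check(key: bytes, challenge: bytes, response: str) -> bool:
    # Recompute the keyed digest with whatever secret the server holds.
    _user, _, mac = base64.b64decode(response).decode().partition(" ")
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, mac)

def verify_with_plaintext(stored: bytes, challenge: bytes, response: str) -> bool:
    return _check(stored, challenge, response)

def verify_with_ldap_md5(stored: str, challenge: bytes, response: str) -> bool:
    # The server has only MD5(password). The HMAC key is the password itself,
    # so the best it can try is the digest as key, which does not match.
    digest = base64.b64decode(stored[len("{MD5}"):])
    return _check(digest, challenge, response)

# Constructed sample values (assumptions, not taken from the thread).
USER = "user@example.com"
PASSWORD = b"constructed-secret"
CHALLENGE = b"<1234.1239232229@mail.example.com>"

def demo() -> dict:
    reply = client_response(USER, PASSWORD, CHALLENGE)
    return {
        "plaintext": verify_with_plaintext(PASSWORD, CHALLENGE, reply),
        "ldap_md5": verify_with_ldap_md5(ldap_md5(PASSWORD), CHALLENGE, reply),
    }

if __name__ == "__main__":
    print(demo())
```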

