[Dovecot] dovecot + LDAP-SASL ?

Sergey A. Kobzar tod.zullu at gmail.com
Tue Aug 7 09:53:12 EEST 2007


Hi Hadmut,

You can keep crypted passwords in LDAP also. See man (8) slappasswd:

-h scheme
   If -h is specified, one of the following RFC 2307 schemes may be
   specified: {CRYPT},  {MD5},  {SMD5},  {SSHA},  and  {SHA}.   The
   default is {SSHA}.

   Note that scheme names may need to be protected, due to { and },
   from expansion by the user's command interpreter.

   {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the  lat-
   ter with a seed.

   {MD5}  and  {SMD5}  use the MD5 algorithm (RFC 1321), the latter
   with a seed.

   {CRYPT} uses the crypt(3).

   {CLEARTEXT} indicates that the new password should be  added  to
   userPassword as clear text.


Tuesday, August 7, 2007, 9:38:20 AM, you wrote:

> Hi,

> just a question:

> I know that dovecot supports SASL authentication and supports LDAP.
> Which means that dovecot performs the SASL methods itself and stores the
> plaintext secret on LDAP.

> But it is also possible to have the LDAP do the SASL work and dovecot just
> pass SASL messages through? Even when the LDAP server uses a proprietary
> SASL method not supported by dovecot?

> regards
> Hadmut



-- 
Sergey



More information about the dovecot mailing list