From: Guillaume Rousse (rousse at ccr dot jussieu dot fr)
Date: Wed Jun 16 2004 - 08:03:05 EDT
Igor Brezac wrote:
>>>Only userPassword and cmusaslsecretMECHNAME properties can be
>>>used for storing secrets.
>>
>>And userPassword must be the Cleartext-Password.
So it seems once again I'm running into a wall. I want to use the same
password for all mail-related tasks (imap && smtp auth).
Let's make a summary of my requirements then:
1) shell access, imap access and smtp auth for all users
2) no single password transmittable in clear text
3) either one single password for everything, or one for shell access
and one for mail access (from the user point of view)
4) all passwords modifiable by the user directly
In a previous incarnation, we had passwords stored in three different
places (/etc/shadow for shell, imapdb for imap, sasldb for smtp auth),
with only cram-md5 authentication allowed, filling requirements 1 and 2.
3 and 4 were only achievable by creating setuid front-ends for accessing
imapdb and sasldb. So we switched to LDAP just to make all passwords
stored in one place, thinking administration would be easier. However, I
still haven't found a way to have both imap and smtp auth use the same
LDAP property with the digest or cram-md5 authentication scheme.
Can anyone suggest another setup? We're not bound to courier-imap, nor
to LDAP mandatorily, and 2) could also be achieved using clear-text
authentication over an encrypted transport layer (see my other thread).
-- Class schedules are designed so that every student will waste maximum time between classes. Corollary: When you are occasionally able to schedule two classes in a row, they will be held in classrooms at opposite ends of the campus. -- Laws of Class Scheduling n°2