Mail architecture (was Re: need help with ldapdb plugin)

From: Guillaume Rousse (rousse at ccr dot jussieu dot fr)
Date: Wed Jun 16 2004 - 08:03:05 EDT

  • Next message: Guillaume Rousse: "Re: need help with ldapdb plugin"

    Igor Brezac wrote:
    >>>Only userPassword and cmusaslsecretMECHNAME properties can be
    >>>used for storing secrets.
    >>
    >>And userPassword must be the Cleartext-Password.
    So it seems once again I'm running into a wall. I want to use the same
    password for all mail-related tasks (imap && smtp auth).

    Let's make a summary of my requirements then:
    1) shell access, imap access and smtp auth for all users
    2) no single password transmittable in clear text
    3) either one single password for everything, or one for shell access
    and one for mail access (from the user point of view)
    4) all passwords modifiable by the user directly

    In a previous incarnation, we had passwords stored in three different
    places (/etc/shadow for shell, imapdb for imap, sasldb for smtp auth),
    with only cram-md5 authentication allowed, filling requirements 1 and 2.
    3 and 4 were only achievable by creating setuid front-ends for accessing
    imapdb and sasldb. So we switched to LDAP just to make all passwords
    stored in one place, thinking administration would be easier. However, I
    still haven't found a way to have both imap and smtp auth use the same
    LDAP property with digest or cram-md5 authentication scheme.

    Can anyone suggest another setup? We're not bound to courier-imap, nor
    to LDAP mandatorily, and 2) could also be achieved using clear-text
    authentication over encrypted transport layer (see my other thread).

    --
    Class schedules are designed so that every student will waste maximum 
    time between classes.
    Corollary: When you are occasionally able to schedule two classes in a 
    row, they will be held in classrooms at opposite ends of the campus.
    	-- Laws of Class Scheduling n2
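
Added example, not part of the original message or of any project's code: a Python sketch of why a challenge-response mechanism such as CRAM-MD5 needs the cleartext secret on the server, while a salted hash in userPassword can only verify a password the server actually receives (PLAIN/LOGIN, which is where the encrypted transport comes in). The user name, password, challenge string and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha(password: bytes, salt: bytes) -> str:
    """LDAP-style {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_plain(stored: str, password: bytes) -> bool:
    """PLAIN/LOGIN: the server sees the password, so it can rehash and compare."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(password + salt).digest())

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5 (RFC 2195): 'user hex(HMAC-MD5(secret, challenge))'."""
    return f"{user} {hmac.new(secret, challenge, hashlib.md5).hexdigest()}"

def check_cram_md5(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC with whatever secret the directory holds."""
    _user, _, digest = response.rpartition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def demo() -> dict:
    password = b"constructed-example-password"          # constructed sample
    challenge = b"<1896.697170952@mail.example.org>"    # constructed sample
    stored_hash = ssha(password, os.urandom(8))
    response = cram_md5_response("alice", password, challenge)
    return {
        # Hashed storage works when the password itself reaches the server.
        "plain_vs_hash": check_plain(stored_hash, password),
        # CRAM-MD5 works when the server holds the same cleartext secret.
        "cram_vs_cleartext": check_cram_md5(password, challenge, response),
        # CRAM-MD5 cannot be verified against the salted hash.
        "cram_vs_hash": check_cram_md5(stored_hash.encode(), challenge, response),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```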
    
