Re: Mail architecture (was Re: need help with ldapdb plugin)

From: Simon Matter (simon dot matter at ch dot sauter-bc dot com)
Date: Wed Jun 16 2004 - 08:39:41 EDT

  • Next message: Guillaume Rousse: "Re: Mail architecture (was Re: need help with ldapdb plugin)"

    > Igor Brezac wrote:
    >>>>Only userPassword and cmusaslsecretMECHNAME properties can be
    >>>>used for storing secrets.
    >>>
    >>>And userPassword must be the Cleartext-Password.
    > So it seems once again I'm running into a wall, I want to use the same
    > password for all mail-related tasks (imap && smtp auth).
    >
    > Let's make a summary of my requirements then:
    > 1) shell access, imap access and smtp auth for all users

    no problem with userPassword as SSHA in LDAP

    > 2) no single password transmittable in clear text

    no problem: ssh, imap/tls and smtp/starttls do it, transport encryption
    is the key here

    > 3) either one single password for everything, or one for shell access
    > and one for mail access (from the user point of view)

    one password works fine

    > 4) all passwords modifiable by the user directly

    works fine too, every user is able to change his own password in ldap.

    >
    > In a previous incarnation, we had passwords stored in three different
    > places (/etc/shadow for shell, imapdb for imap, sasldb for smtp auth),
    > with only cram-md5 authentication allowed, filling requirements 1 and 2.
    > 3 and 4 were only achievable by creating setuid front-ends for accessing
    > imapdb and sasldb. So we switched to LDAP just to make all passwords
    > stored in one place, thinking administration would be easier. However, I
    > still haven't found a way to have both imap and smtp auth use the same
    > LDAP property with a digest or cram-md5 authentication scheme.
    >
    > Can anyone suggest another setup? We're not bound to courier-imap, nor
    > to LDAP mandatorily, and 2) could also be achieved using clear-text
    > authentication over an encrypted transport layer (see my other thread).
    >
    > --
    > Class schedules are designed so that every student will waste maximum
    > time between classes.
    > Corollary: When you are occasionally able to schedule two classes in a
    > row, they will be held in classrooms at opposite ends of the campus.
    > -- Laws of Class Scheduling n2
    >
    >

