From: Igor Brezac (no email)
Date: Thu Oct 06 2005 - 11:04:36 EDT
On Thu, 6 Oct 2005 wrote:
> I'm using saslauthd to auth with Active Directory, what config works for me
> is
> ldap_servers: ldap://domain.com:3268/
> ldap_filter: (sAMAccountName=%u)
> ldap_bind_dn:
> ldap_bind_pw: simpleclearpassword
>
> I think the clear password transport in network is dangerous...
Protect the transport:
ldap_servers: ldaps://domain.com
How do you protect imapd/pop passwords?
> How can I use sasl with it?
Hmm, you can use gssapi to talk to AD, but it is not useful in this
instance.
You may be able to 'saslauthd -a kerberos5' instead.
-Igor
> thx in advance!
>
>
>
>
> Igor Brezac <>
> 10/06/2005 08:46 PM
>
>
> To:
> cc: "Raymond T. Sundland" <>,
>
> Subject: Re: Can I use hashed password for ldap_bind_pw in saslauthd.conf?
>
>
>
> If you know of a really effective two way hash, please submit code.
>
> Otherwise you can use sasl and you will not need to specify the password
> in saslauthd.conf:
>
> ldap_use_sasl: yes
> ldap_server: ldap:///
> ldap_mech: DIGEST-MD5
>
> -Igor
>
>
> On Thu, 6 Oct 2005, Raymond T. Sundland wrote:
>
>> chmod 400 saslauthd.conf
>>
>> If someone has enough access to read the file at this point, they have enough
>> access to modify your LDAP database files using the 'slapcat' and 'slapadd'
>> commands, so any additional security of a hashed password would be useless.
>>
>> wrote:
>>
>>>
>>> It's really a bad idea to use clear text..
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> ----
>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>
>
-- Igor
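Added example, not part of the original thread and not Cyrus SASL code: a small audit of a saslauthd.conf for the two exposures discussed above, a bind password sent over plain ldap:// and a config file holding ldap_bind_pw that is readable beyond its owner. The function names are hypothetical; ldap_start_tls is a saslauthd LDAP option the thread does not mention, and the accepted boolean spellings are an assumption.

```python
import os
import stat

TRUE = {"yes", "on", "1", "true"}  # assumed spellings of an enabled switch

def parse_conf(text):
    """Parse 'key: value' lines of a saslauthd.conf into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)  # split once: URIs contain ':'
        conf[key.strip().lower()] = value.strip()
    return conf

def audit(text, mode):
    """Return findings for config text and the file's permission bits."""
    conf = parse_conf(text)
    findings = []
    servers = conf.get("ldap_servers", "").split()  # space-separated URIs
    start_tls = conf.get("ldap_start_tls", "no").lower() in TRUE
    plain = [u for u in servers if u.lower().startswith("ldap://")]
    if plain and not start_tls:
        # Bind and user passwords would cross the network unencrypted.
        findings.append("cleartext-transport: " + " ".join(plain))
    if conf.get("ldap_bind_pw") and mode & 0o077:
        # Stored secret readable by group or others (thread advises chmod 400).
        findings.append("secret-file-mode: %04o" % (mode & 0o777))
    return findings

def audit_file(path):
    """Audit a file on disk using its actual permission bits."""
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed samples: the config quoted in the thread, and the same
# config with the ldaps:// server line suggested in the reply.
WEAK = """\
ldap_servers: ldap://domain.com:3268/
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn:
ldap_bind_pw: simpleclearpassword
"""
HARDENED = WEAK.replace("ldap://domain.com:3268/", "ldaps://domain.com")

if __name__ == "__main__":
    print(audit(WEAK, 0o644))
    print(audit(HARDENED, 0o400))
```
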