On 12/11/13 07:49 -0800, alex wrote:
Package: libsasl2-modules-sql
Version: 2.1.25.dfsg1-6+deb7u1
Severity: wishlist


Dear Maintainer,

Encrypting the password in an sql database for sasl2 to use has been a
long outstanding feature that needs to be fixed. There are currently a few
methods of resolving the issue but they involve outdated patches as well
as installing other packages as a workaround to the solution. Fixing this
issue could help resolve a major issue with sql databases and sasl2 and
help promote cyrus as an imap server.

The issue in question is the lack of support for the password_format:
crypt option. As online security is ever more important this day and age,
storing plain text passwords in a database isn't an acceptable use case.
This functionality has been included with other libsasl2-modules-*
packages. I honestly haven't found an answer as to why this functionality
hasn't been included. If there is a reason, I apologize for the bug report
but would also like an explanation so that I may document it accordingly.

Thank you for your time. I look forward to answering any more questions
you may have about this issue and/or what the current fixes look like.

ii  libsasl2-modules  2.1.25.dfsg1-6+deb7u1

Recent versions of libsasl2 (including cyrus-sasl2 2.1.25.dfsg1-17) contain
support for pwcheck_method: auxprop-hashed, but unfortunately it is
undocumented. The source leads me to believe that the stored value should
be an md5 hash of the shared secret.

This functionality has not been implemented in all auxprop plugins
(including ldapdb), due to the fact that it is undocumented.

--
Dan White

