Ken Murchison wrote: > The biggest (only?) downside for existing installations is that any > secrets stored in sasldb would have to migrated to the new format. This > will require resetting all of the users passwords because they can not > be extracted from the old sasldb (unless you have been using my APOP > patch). As stated above, this will eventually have to be done, so why > not now?
BTW, in a previous, similar situation (not with cyrus) I patched the auth handler to still verify against the old database, but record the credentials in the new format in the new database each time at successfull login. It doesn't mitigate the entire problem, but if you have this running for a month or so, pretty much anyone should automatically have their password migrated. Requires cleartext passwords, even though the delivery channel can be ssl-encrypted, of course. Emile
