On Sat, 26 Jul 2003 [EMAIL PROTECTED] wrote:

> A question ... why use the auxprop plugin instead of pam? Are there
> any performance issues involved or what?
>
> Thanks for your brilliant piece of software - cyrus-guys .... :-)

PAM only allows you to do password verification, essentially "is xyzzy the
password?" and get an "ok/no" response.  This requires that the
plaintext password traverse the network (possibly under a TLS
layer).

Auxprop plugins allow you to use more secure mechanisms, such as CRAM-MD5
or DIGEST-MD5 because you have access to the password directly, instead of
just an ok/no answer.

It also eliminates a few tiers in the authentication hierarchy; compare:

cyrus -> sasl -> saslauthd -> pam -> pam_mysql -> mysql

to

cyrus -> sasl -> mysql auxprop -> mysql

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
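
Added example (not part of the original message and not Cyrus SASL code): a CRAM-MD5 style exchange next to an ok/no password check, showing why the server side needs the stored secret itself, which is what an auxprop lookup supplies. The names `USER_SECRETS`, `make_challenge`, `client_response`, `server_verify_cram` and `pam_style_check` are hypothetical, the credentials are constructed, and the base64 wire encoding is left out.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample store standing in for what an auxprop plugin would
# fetch (for instance from a MySQL table). Hypothetical, not Cyrus code.
USER_SECRETS = {"alice": b"xyzzy"}

def make_challenge(host="mail.example.org"):
    """Server side: fresh per-connection challenge in msg-id form."""
    return f"<{secrets.randbits(32)}.{int(time.time())}@{host}>".encode()

def client_response(user, password, challenge):
    """Client side: send the user name plus HMAC-MD5(password, challenge).
    The password itself never goes on the wire."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}".encode()

def server_verify_cram(response, challenge, lookup):
    """Server side: recompute the HMAC, which requires the stored secret.
    `lookup` plays the auxprop role and returns the secret or None."""
    user, sep, digest = response.rpartition(b" ")
    if not sep:
        return False  # malformed response, no "user digest" pair
    secret = lookup(user.decode("utf-8", "replace"))
    if secret is None:
        return False  # unknown user
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest().encode()
    return hmac.compare_digest(expected, digest)

def pam_style_check(user, password):
    """ok/no verifier: only answers "is this the password?", so the client
    must hand over the plaintext password and no digest can be checked."""
    stored = USER_SECRETS.get(user)
    return stored is not None and hmac.compare_digest(stored, password)

if __name__ == "__main__":
    ch = make_challenge()
    resp = client_response("alice", b"xyzzy", ch)
    print("challenge:", ch.decode())
    print("response :", resp.decode())
    print("cram ok  :", server_verify_cram(resp, ch, USER_SECRETS.get))
    # A captured response does not verify against a different challenge.
    print("replay ok:", server_verify_cram(resp, make_challenge(), USER_SECRETS.get))
```
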
