On Mon, Feb 4, 2013 at 6:44 PM, Marc Patermann <hans.mo...@ofd-z.niedersachsen.de> wrote:

> Wolfgang
>
> Wolfgang Rosenauer wrote (04.02.2013 18:03):
>
>
>> I played around some more with openldap's SASL and ran exactly into the
>> issue that SASL seems to explicitly _not_ support CRYPT userPasswords.
>> So yes, keeping saslauthd using PAM would help with that.
>>
> What did you test? (I did not do it myself.)
> Like an ldapsearch with "-Y cram-md5" or "-Y plain" both do not work
> against an object where userPassword is encrypted with CRYPT?
> And both do work while it is encrypted with like SHA or unencrypted?
>

DIGEST-MD5 did not work (as expected) and PLAIN also failed with

slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined
SASL [conn=1004] Failure: Password verification failed

When I googled for that issue I found statements that SASL cannot handle
CRYPT passwords and tries to fall back to cmusaslsecret, which I do not have.
I haven't tried plain passwords since I have no test setup at the moment
and didn't want to kill the production mail server.

Wolfgang