On Fri, Aug 02, 2013 at 05:33:15PM +0100, SOGo Noob wrote:
> 
> My plan is this:
> We have a new cleanly installed Ubuntu 12.04 server for mail, and we've
> opted to use MySQL for authentication and for basic storage. We will be
> using Postfix and Dovecot for mail transport and imap/pop respectively. All
> of which seems to make sense so far, and much of this is configured already.
> 
> My issue is with choosing the correct password encryption. We need it to be
> compatible with SOGo, Dovecot and Postfix, and we need mail client support
> for all major platforms.

I'm working for an ISP, running SOGo for webmail, postfix for SMTP and
dovecot for LMTP/POP/IMAP -- for a little under 100
maildomains/1M-accounts. Earlier (before SOGo) we used MySQL for
user-database, but have moved over to an LDAP (389ds) for holding the
user-database. And I would strongly advise you to consider doing the
same.

All services are speaking directly to the ldap-servers. When users
need to authenticate, this is handled through the ldap bind() operation,
so that none of the services need to know anything about encryption schemes,
and also they don't have access to read the users' hashes.

LDAP/389ds gives you proper multi-master setup, so that you can easily
configure a highly available environment, and also scale out if needed.

> Obviously we need to administer the server too,
> some clean cli commands to generate new passwords would be great. What
> would the list recommend as an adopted password encryption that is simple
> to deploy but at the same time secure?

Lots of options for editing LDAP data: ldapvi, ldapsearch, ldapmodify,
Apache Directory Studio, and probably several web-based options exist.


  -jf
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
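
Added example, not part of the original message and not the poster's configuration: a Dovecot `dovecot-ldap.conf.ext` sketch contrasting a password lookup, where the service reads the hash, with the bind-based authentication described in the reply. Host names, DNs, the filter, and the `dnpass` value are constructed placeholders; the directory layout (users under `ou=People`, looked up by `mail`) is an assumption.

```conf
# dovecot-ldap.conf.ext -- illustrative sketch, all names are placeholders

hosts = ldap1.example.org ldap2.example.org
ldap_version = 3
# With bind authentication the user's cleartext password is sent to the
# LDAP server, so the connection must be protected and the server verified.
tls = yes
tls_require_cert = demand

base = ou=People,dc=example,dc=org
scope = subtree

# Service account used only to locate the user's entry (DN search).
# Assumption: directory access controls deny this account read access
# to userPassword, so a compromised mail host cannot dump hashes.
dn = cn=dovecot,ou=Services,dc=example,dc=org
dnpass = REPLACE_WITH_SERVICE_PASSWORD

# --- Password lookup (what bind authentication replaces) -------------
# Dovecot fetches the hash and verifies it itself, so it must understand
# the scheme and the service account must be able to read userPassword.
#auth_bind = no
#pass_attrs = mail=user,userPassword=password
#default_pass_scheme = SSHA

# --- Bind authentication (the approach described in the reply) -------
# Dovecot finds the entry with pass_filter, then binds as that DN using
# the password the client supplied. The LDAP server checks the password;
# Dovecot never sees the hash or needs to know its scheme.
auth_bind = yes
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
pass_attrs = mail=user

# userdb lookups still go through the service account.
user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
```

Because the server performs the comparison, the stored hash scheme can be changed in the directory without touching the mail services.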
