Re: Squirrelmail and Imap using SASL issue

From: Andreas Winkelmann (no email)
Date: Tue May 17 2005 - 14:50:03 EDT

  • Next message: Francisco Reyes: "Re: Couldn't update db error"

    Am Tuesday 17 May 2005 18:56 schrieb Jason Walker:

    > > If you want to use more than one Domain-Part, saslauthd is not the right
    > > choice and you should use the sql Auxprop-Plugin. (This will unpatched
    > > only work with unencrypted Passwords).
    >
    > Why wouldn't saslauthd be the best way to do this? I am presently trying

    Because of this Feature with the Domain Part in the Username. The Library will
    loose the part behind the @. If you use auxprop and in the case above the
    sql-Auxprop Plugin, the Username will arrive complete at the Backend.

    Another disadvantage is the limiting to plain and login if you want to use
    saslauthd. plain or login means the Password passes almost unencrypted the
    Line. You have to use TLS/SSL for security.

    > to setup an environment where saslauthd authenticates against kerberos5
    > for users, so as far as I know this is the only way for Postfix or

    Client sends Username/Password in cleartext through the wire. saslauthd
    connects to Kerberos and verifies the Password.

    > cyrus-imap to use kerberos5. Is there a reason auxprop-plugin would be
    > better, and will that work with kerberos5?

    GSSAPI uses the already issued Kerberos-Ticket. No Password crosses the Line.

    -- 
    	Andreas
    

  • Next message: Francisco Reyes: "Re: Couldn't update db error"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD