Postfix with Cyrus SASL and LDAP and CRAM-MD5 and DIGEST-MD5

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Postfix with Cyrus SASL and LDAP and CRAM-MD5 and DIGEST-MD5

Pascal Gienger
Just FYI (I know this is a SASL issue):

in the special case you have an extra cleartext mail password attribute
defined in your LDAP schema, you may use an ldap auxprop to get rid of
saslauthd(8) and to offer full CRAM-MD5, DIGEST-MD5 and NTLM authentication.

After many have beaten me, I ended up writing a cyrus sasl auxprop for this
case. Unlike ldapdb you may freely define your ldap atribute storing the
password usable for authentification.

http://southbrain.com/south/2008/06/writing-a-cyrus-sasl-ldap-auxp.html

It is offered without any warranty of any kind. I took some special time to
insert memsets to clear out password memory immediately after use so they
don't stay in process memory forever.

Comments are always welcome!

Pascal