Pascal Gienger wrote:
Alexey Melnikov wrote:
1). Remove extra (unused) mutex in libsasl
2). Merge my utils/pluginviewer.c changes
3). Investigate global callback updating in subsequent
sasl_server_init() calls
4). Commit SQLite3 configure change. Test SQLite3 plugin.
5). Remove use of obsolete cmusasl... attributes
6). Strip trailing spaces from options during server configuration
loading
7). Investigate fix for bug # 2822 (OTP does not work with prompts)
8). Review patch for bug # 3134 (Improved error reporting from
auth_getpwent)
9). MacOS dlopen.c change (+ the libtool change?)
10). Merge Debian bugfixes
Is 5 really necessary?
There are quite a few people who actually use cmusaslsecretDIGEST-MD5 to
store secrets via ldap. If their hash database gets stolen they can
change the realm (DIGEST-MD5!) and recompute all the hashes, making the
stolen hashes useless.
Addendum:
cmusaslsecretPLAIN is also useful for people doing only cleartext logins
via SSL/TLS to store only hashes of the password in their sasldb ldap
database.
Is the direction in which cmu sasl is heading the sole usage
of GSSAPI/Kerberos? That would be the only reason to cut down the hash
usage. "userPassword" is evil for me (stored in cleartext in a database).
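
Added example (not part of the original message and not Cyrus SASL code): the realm dependence discussed above, shown with the RFC 2831 formulas for qop=auth without authzid. It assumes the stored value is the RFC 2831 secret H(username:realm:passwd); the user, password, realms, nonces and URI are constructed sample values.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(user: str, realm: str, password: str) -> bytes:
    """RFC 2831 per-user secret: H(username ":" realm ":" passwd).
    Deriving it for a new realm takes the password itself as input."""
    return md5(f"{user}:{realm}:{password}".encode())

def response(secret: bytes, nonce: str, cnonce: str, nc: str, uri: str) -> str:
    """RFC 2831 response-value for qop=auth, no authzid."""
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

def server_accepts(directory: dict, user: str, realm: str, nonce: str,
                   cnonce: str, nc: str, uri: str, got: str) -> bool:
    """Server-side check against the secret stored for (user, realm)."""
    secret = directory.get((user, realm))
    if secret is None:
        return False
    expected = response(secret, nonce, cnonce, nc, uri)
    return hmac.compare_digest(expected, got)

def demo() -> dict:
    # Constructed sample values, for illustration only.
    user, pw = "alice", "constructed-sample-password"
    old, new = "old.example.org", "new.example.org"
    ch = ("srvnonce01", "clinonce01", "00000001", "imap/mail.example.org")
    old_dir = {(user, old): stored_secret(user, old, pw)}
    copied = old_dir[(user, old)]          # value found in a copy of the database
    new_dir = {(user, new): stored_secret(user, new, pw)}  # after the realm change
    from_copy = response(copied, *ch)
    from_password = response(stored_secret(user, new, pw), *ch)
    return {
        "copy_accepted_old_realm": server_accepts(old_dir, user, old, *ch, from_copy),
        "copy_accepted_new_realm": server_accepts(new_dir, user, new, *ch, from_copy),
        "old_realm_still_known": server_accepts(new_dir, user, old, *ch, from_copy),
        "password_accepted_new_realm": server_accepts(new_dir, user, new, *ch, from_password),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The stored secret is sufficient to produce a valid response inside its own realm, so it needs the same protection as a password there; once the directory holds secrets derived for a different realm, a response built from the old value no longer verifies.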