Jeff Wiegley <[EMAIL PROTECTED]> writes:

> I'm 100% against sasl in general just for the simple fact that the
> developers have chosen to store passwords and user credentials in
> PLAINTEXT in a file on the filesystem. (add to that the need to
> maintain and synchronize two different databases or username/password
> information.)

FWIW, plaintext passwords are a requirement of some of the SASL mechanisms, such as CRAM-MD5. If you don't need CRAM-MD5 or similar mechanisms, you don't need plaintext passwords on the machine. Also, many, if not most, SASL mechanisms are not compatible with standard Unix username/password management since they derive secrets from the passphrase, which is impossible to access under Unix. (Alternatively, you could blame the Unix username/password system for the problems.)
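
The CRAM-MD5 point above, as an added example that is not part of the original message: the server has to key an HMAC-MD5 over its challenge with the user's shared secret, so a store that holds only salted one-way hashes cannot check the response. The user names, passwords, salt, and the use of PBKDF2 as a stand-in for a Unix-style password hash are assumptions made for illustration.

```python
import hashlib
import hmac

def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """Client side (RFC 2195): user name, a space, hex HMAC-MD5 keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"

def verify_with_secret(store: dict, challenge: bytes, response: str) -> bool:
    """Server that keeps the shared secret can recompute the expected digest."""
    username, _, digest = response.partition(" ")
    secret = store.get(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def one_way_hash(password: str, salt: bytes) -> bytes:
    """Stand-in for a Unix-style salted one-way hash (PBKDF2 is an assumption here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def verify_with_hash_only(store: dict, challenge: bytes, response: str) -> bool:
    """Server that keeps only (salt, hash): the hash is not the HMAC key the
    client used, so the recomputed digest cannot match a correct response."""
    username, _, digest = response.partition(" ")
    entry = store.get(username)
    if entry is None:
        return False
    _salt, hashed = entry
    expected = hmac.new(hashed, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def demo() -> dict:
    # Constructed sample data: challenge, user, passwords and salt are made up.
    challenge = b"<12345.67890@mail.example.org>"
    salt = b"constructed-salt"
    secret_store = {"alice": "correct horse"}
    hashed_store = {"alice": (salt, one_way_hash("correct horse", salt))}
    good = cram_md5_response("alice", "correct horse", challenge)
    bad = cram_md5_response("alice", "wrong guess", challenge)
    return {
        "secret_store_accepts_good": verify_with_secret(secret_store, challenge, good),
        "secret_store_rejects_bad": not verify_with_secret(secret_store, challenge, bad),
        "hash_store_accepts_good": verify_with_hash_only(hashed_store, challenge, good),
    }

if __name__ == "__main__":
    print(demo())
```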