Hi Hadmut,
You can keep crypted passwords in LDAP also. See man (8) slappasswd:
-h scheme
If -h is specified, one of the following RFC 2307 schemes may be
specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The
default is {SSHA}.
Note that scheme names may need to be protected, due to { and },
from expansion by the user's command interpreter.
{SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the lat-
ter with a seed.
{MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter
with a seed.
{CRYPT} uses the crypt(3).
{CLEARTEXT} indicates that the new password should be added to
userPassword as clear text.
Tuesday, August 7, 2007, 9:38:20 AM, you wrote:
> Hi,
> just a question:
> I know that dovecot supports SASL authentication and supports LDAP.
> Which means that dovecot performs the SASL methods itself and stores the
> plaintext secret on LDAP.
> But it is also possible to have the LDAP do the SASL work and dovecot just
> pass SASL messages through? Even when the LDAP server uses a proprietary
> SASL method not supported by dovecot?
> regards
> Hadmut
--
Sergey
