On Tue, 2007-08-07 at 08:38 +0200, Hadmut Danisch wrote: > Hi, > > just a question: > > I know that dovecot supports SASL authentication and supports LDAP. > Which means that dovecot performs the SASL methods itself and stores the > plaintext secret on LDAP. > > But it is also possible to have the LDAP do the SASL work and dovecot just > pass SASL messages through? Even when the LDAP server uses a proprietary > SASL method not supported by dovecot?
For plaintext authentication you can use authentication binds and have the password stored on LDAP side in any way you want. For non-plaintext authentication Dovecot needs the secret in plaintext or some other specific format. LDAP doesn't support "SASL forwarding".
signature.asc
Description: This is a digitally signed message part
