At 7:27 PM -0600 4/8/02, Tim Pushor wrote:
>
>Stupid question alert:

Not so stupid.

I've asked the same question here before, and no one really came up 
with an answer.

It seems that people are doing sasl authentication with an ldap back 
end (presumably the hashes are in LDAP somewhere).

LDAP v3, however, can use sasl as an authentication mechanism- which 
makes a hell of a lot more sense to me, since a Directory seems more 
suited to authorization than authentication. In fact, as you've seen, 
to be v3 compliant, you NEED sasl auth. Simple LDAP binds are less 
than secure.

So in the environment I built, LDAP gets its passwords from sasl. 
Postfix gets its passwords from sasl. Cyrus Imapd gets its passwords 
from sasl.

This seems sane to me.


-- 
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
[EMAIL PROTECTED]
303.517.0272
Denver, CO


"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."

-- Nietzsche
         
                        Think Different.
