> > form). That means if anyone ever gets access to your sasldb, you are
> > hosed. Not true for an LDAP database, stores passwords in hashed form.
> >
> There is no requirement in SASL that says that passwords must be stored in
> cleartext. Yes, it is true that libsasl's sasldb does so, however this is
> an easily pluggable backend that can be changed for whatever type of
> password database you desire, provided that someone has written an auxprop
> plugin for it.
>
I don't see how this would work? An auxprop plugin gets a username/realm
and a list of properties to return? Are you saying it should return the
password encrypted and then use a patch like someone did a couple of weeks
ago? Or is there some other way for an auxprop to return the correct thing?

--
Simon