On Wed, 10 Apr 2002, Rob Siemborski wrote:

> On Wed, 10 Apr 2002, Igor Brezac wrote:
>
> > Auxprop has to return a clear text password unless you make necessary
> > changes to lib/checkpw.c.
>
> I don't agree, auxprop_verify_password() will take either a userPassword
> (plaintext) or a cmusaslsecretPLAIN.

True. However, in most cases userPassword in LDAP is of {(crypt|sha|md5)}xxxxxx format. It appears that cmusaslsecretPLAIN takes md5 password only. As you suggested below, a possibly better approach would be to develop a saslauthd mechanism. I assume that SASL v1 (1.5.27) can talk to saslauthd from SASL v2? This can solve a lot of issues where different apps need to use different sasl versions.

> > It would be nicer if auxprop would simply take
> > OK/NO type answer.
>
> No, this defeats the purpose of auxprop plugins, which is to return
> user properties. If you can only return a yes/no type answer, then you
> have to use saslauthd and mechanisms that give you the plaintext password
> (or a decryptable version of the plaintext password).

I stand corrected.

-Igor
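
The distinction discussed in this thread, as an added example that is not part of the original messages and is not Cyrus SASL code: a `{scheme}`-prefixed userPassword value supports only a yes/no check against a plaintext password the client supplies, while an unprefixed value is the only kind a property lookup could return as a usable secret. All function names are hypothetical, the salted `{SSHA}`/`{SMD5}` forms go beyond the schemes named in the message, and `{crypt}` is not handled here.

```python
import base64
import hashlib
import hmac
import re

# Digest schemes seen in LDAP userPassword values: name -> (hash, salted?)
SCHEMES = {
    "SHA": (hashlib.sha1, False),
    "MD5": (hashlib.md5, False),
    "SSHA": (hashlib.sha1, True),
    "SMD5": (hashlib.md5, True),
}
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def split_scheme(stored):
    """Return (SCHEME, rest), or (None, stored) for an unprefixed plaintext value."""
    m = PREFIX.match(stored)
    return (m.group(1).upper(), m.group(2)) if m else (None, stored)


def recoverable_plaintext(stored):
    """The plaintext a property lookup could hand back, or None if the value is hashed."""
    scheme, rest = split_scheme(stored)
    return rest if scheme is None else None


def verify(stored, candidate):
    """Yes/no check; requires the plaintext candidate supplied by the client."""
    scheme, rest = split_scheme(stored)
    pw = candidate.encode()
    if scheme is None:
        return hmac.compare_digest(rest.encode(), pw)
    if scheme not in SCHEMES:          # e.g. {CRYPT}: not handled in this sketch
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(rest)
    size = algo().digest_size
    digest, salt = raw[:size], raw[size:]
    if bool(salt) != salted:           # malformed value: reject rather than guess
        return False
    return hmac.compare_digest(algo(pw + salt).digest(), digest)


def make_ssha(password, salt):
    """Build a constructed {SSHA} sample value (not taken from any real directory)."""
    d = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(d + salt).decode()
```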