I use TLS with PAM, but what is the disadvantage of PAM versus sasldb?
Is sasldb more secure?

----- Original Message ----- 
From: Patrick Ben Koetter 
To: postfix-users@postfix.org 
Sent: Monday, November 07, 2011 11:06 AM
Subject: Re: sasldb or PAM


* gaby <g...@autoglobus2000.ro>:
>  I use the PAM authentication method to send email via postfix with Cyrus SASL.
>  If I use the sasldb2 method instead of PAM, is it more secure, or more OK? Is
>  sasldb more usable?

There are two sections you need to pay attention to:

1. Transmission of identification data over the network
2. Storage of authentication data in a backend, where libsasl can access and
   verify the identification data.

The most secure method with regular clients is 1) to use PLAIN and LOGIN over
a TLS secured transport layer and 2) store authentication data crypted. sasldb
can do that and PAM can do that too.

Everything else means a tradeoff. If you use 1) CRAM-MD5 and NTLM you can send
identification data over a transport layer that isn't TLS protected, but you
will have to store passwords in plaintext, because the mechanisms CRAM-MD5 and
NTLM require access to plaintext password for comparison.

p@rick


-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
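
Added example, not part of the original messages and not Cyrus SASL code: a Python sketch of the tradeoff described above, showing that a PLAIN/LOGIN login can be checked against a hashed record while a CRAM-MD5 response can only be checked with the plaintext secret. The PBKDF2 hashing, the sample password and the challenge string are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def store_hashed(password: str) -> tuple[bytes, bytes]:
    """Backend record for PLAIN/LOGIN: salt plus PBKDF2 hash, no plaintext kept.
    PBKDF2 is an assumed stand-in for whatever hashing the backend uses."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plain(record: tuple[bytes, bytes], presented: str) -> bool:
    """PLAIN/LOGIN: the client sends the password itself (hence the TLS layer),
    so the server can re-hash it and compare with the stored hash."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", presented.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """CRAM-MD5 (RFC 2195): HMAC-MD5 over the server challenge, keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def verify_cram_md5(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """The server recomputes the HMAC, so it needs the same key the client used."""
    expected = cram_md5_response(stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = "correct horse"                        # constructed sample credential
    challenge = b"<1896.697170952@mail.example.org>"  # constructed server challenge
    record = store_hashed(password)
    # The client never sends the password, only the keyed digest of the challenge.
    client_response = cram_md5_response(password.encode(), challenge)
    return {
        "plain_with_hashed_store": verify_plain(record, password),
        "plain_wrong_password": verify_plain(record, "wrong"),
        "cram_with_plaintext_store": verify_cram_md5(
            password.encode(), challenge, client_response),
        # A server holding only the hash has the wrong HMAC key and cannot verify.
        "cram_with_hashed_store": verify_cram_md5(
            record[1], challenge, client_response),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```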
