On Fri, Dec 19, 2014 at 03:23:39PM +0530, Ram wrote:

> Ok fine, is there any other file based approach that does not use a
> "provider"

Cyrus SASL supports a "sasldb" interface, or PAM. Either can use a locally stored password database. With PAM, ideally strong password crypts. With "sasldb" (not really recommended) you can store cleartext passwords to support CRAM-MD5 and other challenge-response SASL mechanisms.

However, the risk of theft of the password DB is higher than the risk of attacks on PLAIN inside TLS. Avoid storing passwords, other than as high-iteration salted hashes.

--
Viktor.
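
An added example, not part of the original message and not Cyrus SASL code, showing the trade-off described above: a server that keeps only a high-iteration salted hash can verify PLAIN but cannot verify a CRAM-MD5 response, because CRAM-MD5 needs the client's secret as the HMAC key. The user name, password, challenge and iteration count are constructed or assumed values.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, salt=None):
    """What a hashed store keeps: (salt, PBKDF2-HMAC-SHA256 digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_plain(password, salt, stored):
    """PLAIN (inside TLS): the server receives the password and re-derives the hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def cram_md5_response(user, secret, challenge):
    """Client side of CRAM-MD5 (RFC 2195): user, space, hex HMAC-MD5 keyed by the secret."""
    return user + " " + hmac.new(secret, challenge, hashlib.md5).hexdigest()


def verify_cram_md5(response, user, server_secret, challenge):
    """Server side: recompute the same HMAC, so it needs the same key the client used."""
    expected = cram_md5_response(user, server_secret, challenge)
    return hmac.compare_digest(response.encode(), expected.encode())


def demo():
    user, password = "ram", "correct horse battery staple"  # constructed sample values
    challenge = b"<1234.5678@mail.example.org>"             # constructed server challenge
    salt, stored_hash = hash_password(password)
    client_response = cram_md5_response(user, password.encode(), challenge)
    return {
        "plain_vs_hash": verify_plain(password, salt, stored_hash),
        "plain_wrong_password": verify_plain("guess", salt, stored_hash),
        # Works only if the server's database holds the cleartext password.
        "cram_vs_cleartext": verify_cram_md5(client_response, user, password.encode(), challenge),
        # Fails: a salted hash is not the key the client used.
        "cram_vs_hash": verify_cram_md5(client_response, user, stored_hash, challenge),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```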