Re: Information about SASL and LDAP
* Carson Gaspar <carson@xxxxxxxxxx>:
> On 11/30/2011 4:18 PM, Howard Chu wrote:
> >>>On 30/11/11 11:16 +0100, Christian Roessner wrote:
>
> >>>>cmusaslsecretCRAM-MD5
> >>>>cmusaslsecretDIGEST-MD5 and
> >>>>cmusaslsecretNTLM
>
> >As I recall these are all plaintext-equivalents; i.e. there is no
> >security benefit from using these pre-hashed values, so they've been
> >deprecated already. The plugins will retrieve and use them if they're
> >present, but nothing creates them.
>
> They are _not_ plaintext equivalents. They are realm-limited, so
> compromise is limited to just the set of services sharing that realm
> (in many cases a single service). i.e. they don't let me use your
> password to log in to gmail, or get a shell on your box.
>
> The fact that the cyrus folks decided to deprecate these in favor of
Are they really deprecated? Because if they are, it's no use to document them,
which is something I am working on.
p@rick
--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
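The realm-limiting argument quoted above, as an added example that is not part of the original message or of Cyrus SASL. It assumes the pre-hashed DIGEST-MD5 value has the RFC 2831 form H(username:realm:password); the user, password, realms and challenge values are constructed.

```python
import hashlib
import hmac


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def stored_secret(user: str, realm: str, password: str) -> bytes:
    """RFC 2831 H(username:realm:passwd). Assumed form of the stored value."""
    return md5(f"{user}:{realm}:{password}".encode())


def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                    digest_uri: str, qop: str = "auth") -> str:
    """RFC 2831 response, computed from the pre-hashed secret only."""
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()


def server_accepts(server_secret: bytes, response: str, **challenge) -> bool:
    """Server side: recompute from its own stored secret and compare."""
    expected = digest_response(server_secret, **challenge)
    return hmac.compare_digest(expected, response)


def demo():
    # Constructed sample values, not taken from the thread.
    user, password = "alice", "correct horse"
    realm_a, realm_b = "mail.example.org", "shell.example.org"
    challenge = dict(nonce="n0nce-constructed", cnonce="c-n0nce",
                     nc="00000001", digest_uri="imap/mail.example.org")

    secret_a = stored_secret(user, realm_a, password)
    secret_b = stored_secret(user, realm_b, password)

    # A party holding only secret_a (no password) answers a realm A challenge.
    response = digest_response(secret_a, **challenge)
    same_realm = server_accepts(secret_a, response, **challenge)
    # The same response checked by a server whose secret is bound to realm B.
    cross_realm = server_accepts(secret_b, response, **challenge)
    return same_realm, cross_realm, secret_a != secret_b


if __name__ == "__main__":
    print(demo())
```

Within its own realm the stored value is enough to answer a challenge without knowing the password, while a server in a different realm rejects it.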