Am Mo, den 04.07.2005 schrieb redhatdude@xxxxxxxxxxxxx um 22:19: No HTML formatted mail please. > Why is there two commands for setting up users: saslpasswd and > saslpasswd2 with sasldb and sasldb2? Is this a secure method of > authentication? Is there a benefit to using other methods instead of > sasldb? > EJ There is SASL and SASLv2 (1 [old] vs. 2 [current]). saslpasswd and sasldb are for SASL version 1 and saslpasswd2 together with sasldb2 are SASLv2. Frankly I can't tell you which application on Fedora still uses the obsolete SASL version 1. The mail applications should all be compiled against SASLv2. The MD4 mechs are secure. Plaintext auth is safe as long as the connection goes over a TLS session. LDAP is more flexible than using sasldb, to the cost that you have to know how LDAP works. The sasldb has the disadvantage that user passwords are stored plain text in the db file. So you have to care that you set the permissions safe enough. Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 22:26:52 up 9 days, 5:19, load average: 0.08, 0.18, 0.17
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
