| View previous topic :: View next topic |
| Author |
Message |
techrolla
n00b
Joined: 30 Sep 2004
Posts: 26
|
 Posted: Fri Dec 09, 2005 9:56 pm Post subject: Virtual Mail HOWTO: Better security? |
 |
|
I have finished the virtual mail howto: http://www.gentoo.org/doc/en/virt-mail-howto.xml and am wondering how I could better secure it. The main worry I am having is that the passwords are stored clear text. Is there a way I can change this so they are stored using crypt or MD5 auth? In the authmysqlrc file for courier-authlib, there is a section you can define the password mode:
| Code: |
##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.
#MYSQL_CRYPT_PWFIELD crypt
##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
MYSQL_CLEAR_PWFIELD clear
|
If I use clear, how could I implement the CRAM-MD5 authentication utilizing the setup in the howto, instead of using clear text passwords?
Thanks,
Max. |
|
| Back to top |
|
 |
msalerno
Veteran
Joined: 17 Dec 2002
Posts: 1338
Location: Sweating in South Florida
|
| Posted: Fri Dec 09, 2005 10:12 pm Post subject: |
|
|
The problem is that the version of SASL you are using probably does not support encrypted passwords stored in a mysql database.
That is of course if I am reading your post correctly. It's friday, i'm exhausted and looking forward to going out drinking. Check out this link, it's for a different virtual mail setup, but you should be able to follow the sasl section.
https://forums.gentoo.org/viewtopic-t-312591-highlight-.html |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
