Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?

To: Jeff Wiegley <jeffw@cyte.com>
Cc: debian-security@lists.debian.org
Subject: Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
From: Simon Josefsson <jas@extundo.com>
Date: Mon, 29 Sep 2003 15:57:05 +0200
Message-id: <[🔎] ilupthjn1e6.fsf@latte.josefsson.org>
In-reply-to: <[🔎] D%Pdb.12318$Ak3.4988@twister.socal.rr.com> (Jeff Wiegley's message of "Mon, 29 Sep 2003 06:08:35 GMT")
References: <[🔎] D%Pdb.12318$Ak3.4988@twister.socal.rr.com>

Jeff Wiegley <jeffw@cyte.com> writes:

> I'm 100% against sasl in general just for the simple fact that the
> developers have chosen to store passwords and user credentials in
> PLAINTEXT in a file on the filesystem. (add to that the need to
> maintain and synchronize two different databases or username/password
> information.)

FWIW, plaintext passwords is a requirement of some of the SASL
mechanisms, such as CRAM-MD5.  If you don't need CRAM-MD5 or similar
mechanisms, you don't need plaintext passwords on the machine.  Also,
many, if not most, SASL mechanisms is not compatible with standard
Unix username/password management since they derive secrets from the
passphrase, which is impossible to access under Unix.

(Alternatively, you could blame the Unix username/password system for
the problems..)

Reply to:

References:
- easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
  - From: Jeff Wiegley <jeffw@cyte.com>

Prev by Date: new open udp port with bind 9.2.3rc
Next by Date: Re: services installed and running "out of the box"
Previous by thread: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
Next by thread: Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
Index(es):
- Date
- Thread