Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
Jeff Wiegley <jeffw@cyte.com> writes:
> I'm 100% against sasl in general just for the simple fact that the
> developers have chosen to store passwords and user credentials in
> PLAINTEXT in a file on the filesystem. (add to that the need to
> maintain and synchronize two different databases or username/password
> information.)
FWIW, plaintext passwords is a requirement of some of the SASL
mechanisms, such as CRAM-MD5. If you don't need CRAM-MD5 or similar
mechanisms, you don't need plaintext passwords on the machine. Also,
many, if not most, SASL mechanisms is not compatible with standard
Unix username/password management since they derive secrets from the
passphrase, which is impossible to access under Unix.
(Alternatively, you could blame the Unix username/password system for
the problems..)
Reply to: