Re: sasldb or PAM
- * gaby <gaby@...>:
> I use PAM authentication method for send emal via postfix with Cyrus Sasl.There are two sections you need to pay attention for:
> If use sasldb2 method instead PAM,it is more secure, or more Ok?Sasdb is
> more usable?
1. Transmission of identification data over the network
2. Storage of authentication data in a backend, where libsasl can access and
verify the identification data.
The most secure method with regular clients is 1) to use PLAIN and LOGIN over
a TLS secured transport layer and 2) store authentication data crypted. sasldb
can do that and PAM can do that too.
Everything else means a tradeoff. If you use 1) CRAM-MD5 and NTLM you can send
identification data over a transport layer that isn't TLS protected, but you
will have to store passwords in plaintext, because the mechanisms CRAM-MD5 and
NTLM require access to plaintext password for comparison.
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
saslfinger (debugging SMTP AUTH):