I'm working on a setup where postfix and cyrus-imap do proxy authorization against openldap (my setup is here http://1nw.eu/!cD ). I love this solution, it's a lot more elegant that using saslauthd. But I'm concerned about passwords stored in cleartext, as required by DIGEST-MD5.
I know of the many ways to protect the data stored in openldap (file system encryption, etc...), but if somebody gets a root access, passwords will be disclosed, and I want to prevent that.
My question is: Is there a way to use hashed passwords with sasl and proxy authorization ?
