It would probably be easier to just wrap the store and load sasl internal functions with encryption/decryption functions, rather than modify sasl to use a different database.
And I hope you are preparing to prompt for the database password on startup, because if you store the database password on the system, you will also not be complying with your policy. Unless you have a hardware key vault device that guarantees write only key storage. Or, you could use an encrypted file system, and encrypt the mail as well. I think this is what most sites that require encryption are doing. > On May 2, 2022, at 12:43 PM, Joseph Chen <joseph.c...@non.keysight.com> wrote: > > Does anyone know if there is a way to use SQLite DB in place of SaslDB? > > The reason: the built-in SaslDB uses a clear text data file for DB data > (being used while cyrus sasl is processing SRAM authentications), and the > company that I work for does not allow the use of any un-encrypted DB for > storing usernames and passwords. Instead, it recommends use a licensed > SQLite DB that is able to encrypt data. > > --JC > Cyrus <https://cyrus.topicbox.com/latest> / Devel / see discussions > <https://cyrus.topicbox.com/groups/devel> + participants > <https://cyrus.topicbox.com/groups/devel/members> + delivery options > <https://cyrus.topicbox.com/groups/devel/subscription>Permalink > <https://cyrus.topicbox.com/groups/devel/T669554f0fb783215-M05b89e1b80579ada639fe697> ------------------------------------------ Cyrus: Devel Permalink: https://cyrus.topicbox.com/groups/devel/T669554f0fb783215-M2245dc4a1c0100d354341739 Delivery options: https://cyrus.topicbox.com/groups/devel/subscription