--On Monday, November 19, 2001 07:40:16 PM -0500 Ken Murchison 
<[EMAIL PROTECTED]> wrote:

>> Right.  Which means that they will be duplicated and must be kept
>> in sync for as long as you have apps using both versions.  Changing
>> your password in either database won't automatically change it in
>> the other.
>
> Yeah, but writing a script which simply front-ends both saslpasswds
> would be trivial.  However, check out Rob Siemborski's post re:
> dbconverter-2.  I completely forgot about this utility.

If it's trivial, then it should be easy to add to the distribution,
right?

>> I have multiple virtual hosts, each with some number of virtual
>> users and several services that require authentication.  Without
>> some sort of automation, the transition sounds like a huge pain.
>
> Yeah, I feel for anybody with a lot of users.

Lots of users is only half my problem.  The other half is the
number of virtual hosts with their own userbases.


>> The v1 sasl library supported an auto-transition for plaintext
>> logins where the login was authenticated against some external
>> mechanism (e.g., /etc/passwd) and then used to create the entries
>> in the sasldb.  A similar auto-transition, even requiring a single
>> plaintext login, would make make the switchover much easier.
>
> This might be possible.  I'd be curious how Rob and Larry feel about
> this.

Anything that will help automate the transition would be helpful.


>> Easier yet would be if the v2 library would support using the old
>> v1 sasldb as a fallback if it doesn't find an entry in the new db.
>> New entries and password updates would go into the new one.  Eventually
>> the old db would be completely shadowed and could be removed.
>
> Hmm.  I'll defer to Rob on this, but I don't think we want legacy
> setpass() code floating around in the v2 library (each plugin used to
> set its own password, but now it's handled globally because they all
> share the same plaintext password).

I'm not familiar with the internals or API - would setpass() be
necessary if the v1 db support was read-only?



-Pat
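
A minimal model of the two proposals discussed in this thread (a read-only fallback to the old db, and auto-transition on a successful plaintext login), added here as an illustration; it is not code from the SASL library. The `ShadowedStore` class, the PBKDF2 verifiers and the `(user, realm)` keys are assumptions of the example, not the library's API or storage format.

```python
import hashlib, hmac, os

def make_verifier(password, salt=None):
    """Salted PBKDF2 verifier; stands in for whatever each store really keeps."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check(verifier, password):
    salt, digest = verifier
    return hmac.compare_digest(digest, make_verifier(password, salt)[1])

class ShadowedStore:
    """Hypothetical model: new store consulted first, legacy store read-only."""
    def __init__(self, legacy):
        self.legacy = dict(legacy)   # never written to after this point
        self.new = {}

    def set_password(self, user, realm, password):
        # Password changes only ever touch the new store.
        self.new[(user, realm)] = make_verifier(password)

    def plaintext_login(self, user, realm, password):
        key = (user, realm)
        if key in self.new:
            # A new entry shadows the old one; the legacy entry must not be
            # consulted any more, or a changed password would still work.
            return check(self.new[key], password)
        old = self.legacy.get(key)
        if old is None or not check(old, password):
            return False
        self.set_password(user, realm, password)  # auto-transition on success
        return True

    def unmigrated(self):
        """Legacy entries not yet shadowed; empty means the old db can go."""
        return sorted(k for k in self.legacy if k not in self.new)

# Constructed sample data: the same user name in two virtual hosts.
LEGACY = {("pat", "a.example"): make_verifier("old-a"),
          ("pat", "b.example"): make_verifier("old-b")}

def demo():
    s = ShadowedStore(LEGACY)
    results = [s.plaintext_login("pat", "a.example", "old-a"),   # migrates
               s.plaintext_login("pat", "b.example", "old-a")]   # other realm's password
    s.set_password("pat", "a.example", "new-a")
    results.append(s.plaintext_login("pat", "a.example", "old-a"))  # stale password
    return results, s.unmigrated()
```
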
