I have a feeling that if I told our security folks that in order to 
use SASLv2 with the sasldb, we would have a file with everyone's 
password in plaintext where they can be EASILY (and perhaps 
accidentally) read by a priv'd user, the security folks would have a 
cow.

Is there any chance you could add an option (or hook) to disguise the 
passwords in the sasldb database?  I realize this wouldn't protect 
against the case where the file fell into the wrong hands, but there 
may be other cases where it might prevent the passwords from popping 
up accidentally.
-- 
  ========================
Larry M. Rosenbaum                      [EMAIL PROTECTED]
Bldg 4500-N, Room E-218                 865 574-8155 phone
PO Box 2008, MS 6271                    865 241-4000 fax
Oak Ridge, TN  37831-6271

Oak Ridge National Laboratory, Network Computing Services group
