Cyrus IMAP Presentation

Ken Murchison ken at oceana.com
Sun Sep 22 12:27:10 EDT 2002 

Quoting Eric Estabrooks <eric at urbanrage.com>:

> Mathieu Arnold wrote:
> 
> >--On dimanche 22 septembre 2002 15:45 +0200 "Mr. Simix"
> <simix at datacomm.ch>
> >wrote:
> >
> >  
> >
> >>Rob Siemborski wrote:
> >>    
> >>
> >>>On Sun, 22 Sep 2002, Tarjei Huse wrote:
> >>>
> >>>
> >>>      
> >>>
> >>>>If you do not use saslpasswd2, then Cyrus only uses plaintext methods
> >>>>for authentication, right?
> >>>>        
> >>>>
> >>>No.  You can use a MySQL backend as well to supply the secrets for
> >>>non-plaintext methods.  The OpenLDAP people also have an auxprop
> >>>plugin that will get the secerts directly from their datastore, but it
> >>>only works internal to OpenLDAP.
> >>>      
> >>>
> >>Okay, but we can say whenever PAM is involved, then only plain can be
> >>used, right?
> >>    
> >>
> >
> >yes, because you cannot be sure to have access to plain text passwords
> >using pam, and you need plain text passwords to do digests
> authentications.
> >  
> >
> It should be possible to write a pam module (or extend an existing one) 
> to include other mechanisms beside plain, if like you said you had plain 

My understanding of PAM is that you can't retrieve the password.  You simply 
pass it a user, password and service and PAM tells you whether it is 
correct/allowed or not.  I haven't checked the PAM API, so maybe there is a 
way.

> text passwords available on the server side.  Of course there might be 
> an additional restriction imposed by the sasl interface in that it might 
> only present plain to the pam interface or the likes of saslauthd and 
> try to resolve others internally or drop them if configured for using pam.

Assuming that youy can get PAM to return the plaintext password, you'd have to 
write a PAM auxprop plugin.  SASL only uses auxprop to fetch the plaintext 
passwords (as opposed to checking the validity, which it does via saslauthd).

Ken
-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list