can i build a sasl module with support for encrypted passwords?
rupert
rupertt at gmail.com
Wed Jan 23 03:23:12 EST 2008
On Jan 22, 2008 9:05 PM, Rupert <rupertt at gmail.com> wrote:
> Dan White schrieb:
> > rupert wrote:
> >> Hi,
> >> i have my murder cluster running, with passwords stored in a mysql DB.
> >> The only thing that bugs me now is that the passwords are stored in
> >> plaintext inside the DB.
> >> I am using fedora8 and will switch to CentOS once everything runs fine.
> >> Can i build a rpm module for sasl that exist beside the packages that
> >> are in
> >> the repositries?
> >>
> >> like cyrus-sasl-md5.i386, cyrus-sasl-plain.i386, cyrus-sasl-devel.i386,
> >> cyrus-sasl-md5.i386 ...
> >>
> >> I tried to compile cyrus-sasl.2.19 with the pwcheck patch, but it just
> >> messed everythign up.
> >>
> >> Any other solutions? And why is such a important thing not standard?
> >
> > Hi Rupert,
> >
> > I think the MySQL PAM plugin is one possible way to support hashed
> > passwords. You would need to disable all mechanisms which depend on
> > the auxprop plugin and depend on a clear text password (such as
> > DIGEST-MD5).
> >
> > You'll need to configure your pwcheck_method to include saslauthd, and
> > then configure saslauthd to use PAM to authenticate.
> >
> > I'm not familiar with the pwcheck patch, but it shouldn't be required
> > in this scenario.
> >
> > - Dan
> I tried some more times to compile the latest cyrus-sasl with the
> patch(read somewhere the .18 also works on the latest sasl) on my fedora
> box.
> I always get some error while compiling that it cant find mysql.h or
> mysqlclient.
> I compile it with enable-sql and --with-mysql=/usr/lib/mysql
> --with-mysql=/usr/include/mysql
> which is where all the files are located it is complaining about. I also
> have /usr/lib/mysql in ld.so.conf
> Can there be anything else wrong?
>
>
> thx
>
> ok , i got back to the .19 version and compiled that one.
When I now login the syslog says no worthy mechs found and the maillog a
"frontend imap[2864]: badlogin: frontend [192.168.247.128] plaintext
joe at test.local SASL(-13): authentication failure: checkpass failed"
mysql is working because I can see the query in the mysql.log.
thx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080123/5585df57/attachment.html
More information about the Info-cyrus
mailing list