now im up to pam, how can I change the querythat pam does on the DB?<br>I have a multidomain setup and the username is the email address (test.test.local), but pam cuts of the @test.local in the query<br><br><br>thx again<br>
<br><div class="gmail_quote">On Jan 23, 2008 9:23 AM, rupert <<a href="mailto:rupertt@gmail.com">rupertt@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="Wj3C7c"><br><br><div class="gmail_quote">On Jan 22, 2008 9:05 PM, Rupert <<a href="mailto:rupertt@gmail.com" target="_blank">rupertt@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Dan White schrieb:<br><div><div></div><div>> rupert wrote:<br>>> Hi,<br>>> i have my murder cluster running, with passwords stored in a mysql DB.<br>>> The only thing that bugs me now is that the passwords are stored in<br>
>> plaintext inside the DB.<br>>> I am using fedora8 and will switch to CentOS once everything runs fine.<br>>> Can i build a rpm module for sasl that exist beside the packages that<br>>> are in<br>
>> the repositries?<br>>><br>>> like cyrus-sasl-md5.i386, cyrus-sasl-plain.i386, cyrus-sasl-devel.i386,<br>>> cyrus-sasl-md5.i386 ...<br>>><br>>> I tried to compile cyrus-sasl.2.19 with the pwcheck patch, but it just<br>
>> messed everythign up.<br>>><br>>> Any other solutions? And why is such a important thing not standard?<br>><br>> Hi Rupert,<br>><br>> I think the MySQL PAM plugin is one possible way to support hashed<br>
> passwords. You would need to disable all mechanisms which depend on<br>> the auxprop plugin and depend on a clear text password (such as<br>> DIGEST-MD5).<br>><br>> You'll need to configure your pwcheck_method to include saslauthd, and<br>
> then configure saslauthd to use PAM to authenticate.<br>><br>> I'm not familiar with the pwcheck patch, but it shouldn't be required<br>> in this scenario.<br>><br>> - Dan<br></div></div>I tried some more times to compile the latest cyrus-sasl with the<br>
patch(read somewhere the .18 also works on the latest sasl) on my fedora<br>box.<br>I always get some error while compiling that it cant find mysql.h or<br>mysqlclient.<br>I compile it with enable-sql and --with-mysql=/usr/lib/mysql<br>
--with-mysql=/usr/include/mysql<br>which is where all the files are located it is complaining about. I also<br>have /usr/lib/mysql in ld.so.conf<br>Can there be anything else wrong?<br><br><br>thx<br><br></blockquote></div>
</div></div>
ok , i got back to the .19 version and compiled that one.<br>When I now login the syslog says no worthy mechs found and the maillog a<br>"frontend imap[2864]: badlogin: frontend [<a href="http://192.168.247.128" target="_blank">192.168.247.128</a>] plaintext <a href="mailto:joe@test.local" target="_blank">joe@test.local</a> SASL(-13): authentication failure: checkpass failed"<br>
mysql is working because I can see the query in the mysql.log.<br><br>thx<br>
</blockquote></div><br>