ldapdb and crypt Userpassword

Tuan Van tvan at santafefixtures.com
Tue May 9 15:10:11 EDT 2006


Igor Brezac wrote:
> On Tue, 9 May 2006, Tuan Van wrote:
> 
> 
> The patch more than likely does not work because it does not account for 
> the hash identifier in userPassword ({crypt}).  This is trivial to fix.
>

I wish I had the skill to revise the patch so it can support other
hashes {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. Then distribute
cyrus-sasl with a sample.conf like:

pwcheck_method:auxprop
## DO NOT USE *-MD5 with password_format other than cleartext
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
## password_format: <cleartext|crypt|unix|md5|smd5|ssha|sha>
password_format: cleartext

## LDAPDB plugin, edit to suit your setup.
# auxprop_plugin: ldapdb
# ldapdb_uri: ldaps://localhost
# ldapdb_id: proxy_user
# ldapdb_pw: proxy_user_password

## SQL plugin, edit to suit your setup.
# auxprop_plugin: sql
# sql_engine: mysql
# sql_user: sql_user
# sql_passwd: sql_password
# sql_database: sql_database
# sql_hostnames: sql_host
# sql_select: SELECT password FROM mail_user WHERE email = '%u@%r'

> 
> What is wrong with running another daemon?  saslauthd is very stable 
> except for certain pam implementations.
> 

I have not seen anything wrong with saslauthd+ldap, but with crypted
passwords in mysql, one has to go the pam route, right?

Tuan
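
The scheme-prefix handling discussed in this message, sketched as an added example; it is not part of the original post, the patch, or cyrus-sasl. The function names (split_scheme, verify, usable_mechs) are hypothetical, and it generalizes from {crypt} to the schemes listed above.

```python
import base64
import hashlib
import hmac
import re

# Digest algorithm and digest length per hashed scheme. Salted schemes
# (SMD5, SSHA) store base64(digest + salt); MD5 and SHA store base64(digest).
SCHEMES = {"MD5": ("md5", 16), "SMD5": ("md5", 16),
           "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def split_scheme(stored):
    """Return (SCHEME, rest); SCHEME is None when the value has no {prefix}."""
    m = PREFIX.match(stored)
    return (m.group(1).upper(), m.group(2)) if m else (None, stored)


def verify(stored, candidate):
    """Check a PLAIN/LOGIN password against a stored userPassword value."""
    scheme, rest = split_scheme(stored)
    pw = candidate.encode()
    if scheme is None:  # cleartext value
        return hmac.compare_digest(rest.encode(), pw)
    if scheme == "CRYPT":
        try:
            import crypt  # Unix only; removed from the stdlib in Python 3.13
            out = crypt.crypt(candidate, rest)
        except (ImportError, OSError):
            return False
        return out is not None and hmac.compare_digest(out.encode(), rest.encode())
    if scheme not in SCHEMES:
        return False  # unknown scheme: fail closed
    algo, dlen = SCHEMES[scheme]
    try:
        raw = base64.b64decode(rest, validate=True)
    except ValueError:
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and scheme in ("MD5", "SHA")):
        return False
    return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)


def usable_mechs(stored):
    """CRAM-MD5 and DIGEST-MD5 need the cleartext secret on the server side."""
    scheme, _ = split_scheme(stored)
    shared_secret = ["CRAM-MD5", "DIGEST-MD5"] if scheme is None else []
    return ["PLAIN", "LOGIN"] + shared_secret
```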

