ldapdb and crypt Userpassword
Tuan Van
tvan at santafefixtures.com
Tue May 9 15:10:11 EDT 2006
Igor Brezac wrote:
> On Tue, 9 May 2006, Tuan Van wrote:
>
>
> The patch more than likely does not work because it does not account for
> the hash identifier in userPassword ({crypt}). This is trivial to fix.
>
I wish I have the skill to revise the patch so it can support other
hashes {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. Then distribute
cyrus-sasl with a sample.conf like:
pwcheck_method:auxprop
## DO NOT USE *-MD5 with password_format other than cleartext
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
## password_format: <cleartext|crypt|unix|md5|smd5|ssha|sha>
password_format: cleartext
## LDAPDB plugin, edit to suit your setup.
# auxprop_plugin: ldapdb
# ldapdb_uri: ldaps://localhost
# ldapdb_id: proxy_user
# ldapdb_pw: proxy_user_password
## SQL plugin, edit to suit your setup.
# auxprop_plugin: sql
# sql_engine: mysql
# sql_user: sql_user
# sql_passwd: sql_password
# sql_database: sql_database
# sql_hostnames: sql_host
# sql_select: SELECT password FROM mail_user WHERE email = '%u@%r'
>
> What is wrong with running another daemon? saslauthd is very stable
> except for certain pam implementations.
>
I have not seen anything wrong with saslauthd+ldap, but with crypted
password in mysql one has to go the pam route right?
Tuan
More information about the Cyrus-sasl
mailing list