ldapdb and crypt Userpassword

Patrick Ben Koetter p at state-of-mind.de
Tue May 9 16:00:31 EDT 2006


* Tuan Van <tvan at santafefixtures.com>:
> Igor Brezac wrote:
> > On Tue, 9 May 2006, Tuan Van wrote:
> > 
> > 
> > The patch more than likely does not work because it does not account for 
> > the hash identifier in userPassword ({crypt}).  This is trivial to fix.
> >
> 
> I wish I had the skill to revise the patch so it can support other
> hashes {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. Then distribute
> cyrus-sasl with a sample.conf like:

I'd rather like to see an elaborate version of sysadmin.html and options.html.
But that's another story to tell... ;)

> pwcheck_method:auxprop
> ## DO NOT USE *-MD5 with password_format other than cleartext
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> ## password_format: <cleartext|crypt|unix|md5|smd5|ssha|sha>
> password_format: cleartext
> 
> ## LDAPDB plugin, edit to suit your setup.
> # auxprop_plugin: ldapdb
> # ldapdb_uri: ldaps://localhost
> # ldapdb_id: proxy_user
> # ldapdb_pw: proxy_user_password
> 
> ## SQL plugin, edit to suit your setup.
> # auxprop_plugin: sql
> # sql_engine: mysql
> # sql_user: sql_user
> # sql_passwd: sql_password
> # sql_database: sql_database
> # sql_hostnames: sql_host
> # sql_select: SELECT password FROM mail_user WHERE email = '%u@%r'
> 
> > 
> > What is wrong with running another daemon?  saslauthd is very stable 
> > except for certain pam implementations.
> 
> I have not seen anything wrong with saslauthd+ldap, but with crypted
> passwords in mysql one has to go the pam route, right?

This route?

saslauthd -> pam -> pam_mysql -> mysql

Well it is at least very popular on the German Postfix mailing list. 

p at rick

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
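
Added example, not part of the original message and not the cyrus-sasl patch under discussion: a Python sketch of the check the thread asks for, splitting the `{SCHEME}` identifier off a userPassword value before comparing, and showing why the `*-MD5` mechanisms only work with cleartext entries. The function names and the sample values are assumptions made for illustration; `{CRYPT}` is deliberately rejected rather than implemented.

```python
import base64
import hashlib
import hmac
import re

# Scheme -> (hashlib name, digest size in bytes, salted?)
SCHEMES = {"SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True),
           "MD5": ("md5", 16, False), "SMD5": ("md5", 16, True)}
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def split_scheme(stored):
    """Return (SCHEME, value); SCHEME is None when there is no {prefix}."""
    m = PREFIX.match(stored)
    return (m.group(1).upper(), m.group(2)) if m else (None, stored)


def verify(stored, candidate):
    """Check a PLAIN/LOGIN password against one userPassword value."""
    scheme, value = split_scheme(stored)
    if scheme is None:  # cleartext entry
        return hmac.compare_digest(stored.encode(), candidate.encode())
    if scheme not in SCHEMES:
        # {CRYPT} needs the platform crypt(3), not covered here: fail closed
        # instead of comparing against the raw "{crypt}..." string.
        return False
    algo, size, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or bool(salt) != salted:
        return False
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def usable_for_challenge_response(stored):
    """CRAM-MD5 and DIGEST-MD5 need the cleartext secret on the server."""
    return split_scheme(stored)[0] is None


def make_ssha(password, salt):
    """Build a constructed {SSHA} sample value (salt passed in for the demo)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()
```
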

