ldapdb and crypt Userpassword
Patrick Ben Koetter
p at state-of-mind.de
Tue May 9 16:00:31 EDT 2006
* Tuan Van <tvan at santafefixtures.com>:
> Igor Brezac wrote:
> > On Tue, 9 May 2006, Tuan Van wrote:
> >
> >
> > The patch more than likely does not work because it does not account for
> > the hash identifier in userPassword ({crypt}). This is trivial to fix.
> >
>
> I wish I have the skill to revise the patch so it can support other
> hashes {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. Then distribute
> cyrus-sasl with a sample.conf like:
I'd rather like to see an elaborate version of sysadmin.html and options.html.
But that's another story to tell... ;)
> pwcheck_method:auxprop
> ## DO NOT USE *-MD5 with password_format other than cleartext
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> ## password_format: <cleartext|crypt|unix|md5|smd5|ssha|sha>
> password_format: cleartext
>
> ## LDAPDB plugin, edit to suit your setup.
> # auxprop_plugin: ldapdb
> # ldapdb_uri: ldaps://localhost
> # ldapdb_id: proxy_user
> # ldapdb_pw: proxy_user_password
>
> ## SQL plugin, edit to suit your setup.
> # auxprop_plugin: sql
> # sql_engine: mysql
> # sql_user: sql_user
> # sql_passwd: sql_password
> # sql_database: sql_database
> # sql_hostnames: sql_host
> # sql_select: SELECT password FROM mail_user WHERE email = '%u@%r'
>
> >
> > What is wrong with running another daemon? saslauthd is very stable
> > except for certain pam implementations.
>
> I have not seen anything wrong with saslauthd+ldap, but with crypted
> password in mysql one has to go the pam route right?
This route?
saslauthd -> pam -> pam_mysql -> mysql
Well it is at least very popular on the German Postfix mailing list.
p at rick
--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
More information about the Cyrus-sasl
mailing list