cyrus-sasl mysql auth problem
Roberto C. Sanchez
roberto at connexer.com
Sat Feb 10 10:07:01 EST 2007
On Sat, Feb 10, 2007 at 10:24:44AM +0100, Patrick Ben Koetter wrote:
> * Roberto C. Sanchez <roberto at connexer.com>:
> > On Fri, Feb 09, 2007 at 03:59:49PM -0500, Jeremiah Towe wrote:
> > >
> > > mysql> select * from accountuser;
> > > | username | password | prefix | domain_name |
> > > | maxyourstats0001 | newtest | maxyourstats | maxyourstats.com |
> > >
> > This might be OT, but why on Earth would you store the password in
> > *plaintext* in the database?
>
> Because shared-secret mechanisms require the password in plaintext for
> comparison?
>
Hmm. Then how do things like Postfix and Cyrus authenticate against
system user accounts? Those are stored either crypt()ed or in md5
format.

I have a setup on a couple of servers using Postfix (SMTP AUTH for
sending) and Courier IMAP (authdaemon for IMAP access) and I store the
passwords MD5 encrypted in the database. Of course, this essentially
mandates SSL encryption for anything requiring authentication, IIRC,
since PLAIN authentication must be used.

I have had no problems with this setup. Personally, there is nothing
that would make me consider storing passwords in cleartext in the
database.

Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
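
Added example, not part of the original message or of the Cyrus SASL code: a Python sketch of the trade-off discussed in this thread, showing that a server holding only a password hash can verify PLAIN but cannot verify a shared-secret mechanism. It assumes CRAM-MD5 (RFC 2195) as the shared-secret mechanism and swaps in salted PBKDF2 for the crypt()/MD5 storage mentioned above; the account, password and challenge are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample account; not taken from the thread.
USER, PASSWORD = "alice", "correct horse"

def store_hashed(password, salt=None):
    """What a PLAIN-only server can keep: salt + PBKDF2 digest, no plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plain(stored, presented):
    """PLAIN: the client sends the password itself (hence TLS); server re-hashes it."""
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", presented.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def cram_md5_response(user, secret, challenge):
    """CRAM-MD5 client response: user, space, hex HMAC-MD5 keyed with the secret."""
    mac = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{user} {mac}"

def verify_cram_md5(user, server_secret, challenge, response):
    """The server recomputes the same HMAC, so it needs the same key as the client."""
    expected = cram_md5_response(user, server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    challenge = b"<1896.697170952@mail.example.test>"  # constructed challenge
    stored = store_hashed(PASSWORD)
    client = cram_md5_response(USER, PASSWORD.encode(), challenge)
    return {
        "plain_ok_with_hash": verify_plain(stored, PASSWORD),
        "plain_rejects_wrong": not verify_plain(stored, "guess"),
        "cram_ok_with_plaintext": verify_cram_md5(
            USER, PASSWORD.encode(), challenge, client),
        # Keying the HMAC with the stored digest cannot match the client's response.
        "cram_ok_with_hash": verify_cram_md5(USER, stored[1], challenge, client),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```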