checkpw.c crypt patch

Patrick Ben Koetter p at
Tue Jul 21 01:53:34 EDT 2009

* David van Geest <davidv at>:
> Hi All,
> I'm working on getting Postfix to authenticate SMTP users from a MySQL  
> DB which stores encrypted passwords.  Various how-to's recommend  
> cyrus-sasl, but it seems that to use it for encrypted passwords you need  
> the checkpw.c+sql.c patch.  The only version of this patch I can find  
> ( is for cyrus-sasl-2.1.19.  Has the  
> patch been merged into later versions of cyrus-sasl, or do I need to use  
> 2.1.19?

The/any patch breaks shared-secret mechanisms, which require plaintext

> Also if anyone has pointers on getting this going, I'd be happy to hear  
> them.

No need to patch.

Use saslauthd -> PAM -> pam:mysql -> MySQL(crypted passwords)

p at rick

All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitely
required and justified.

saslfinger (debugging SMTP AUTH):

More information about the Cyrus-sasl mailing list