checkpw.c crypt patch
David van Geest
davidv at spindance.com
Tue Jul 21 16:05:46 EDT 2009
Patrick Ben Koetter wrote:
> * David van Geest <davidv at spindance.com>:
>
>>> Use saslauthd -> PAM -> pam:mysql -> MySQL(crypted passwords)
>>>
>>> p at rick
>>>
>> Thanks Patrick! I'm attempting what you suggest using pam:mysql. My
>> /etc/pam.d/smtp.postfix looks like this:
>>
>
> saslauthd calls this? Usually it would be /etc/pam.d/smtp, because the service
> name is "smtp".
>
Hmmmm yeah, that could be wrong. I haven't actually tried it out yet,
and it looks like every how-to except for the one I used has 'smtp'.
Thanks for the correction.
>
>> auth optional pam_mysql.so user=<mysql_username> passwd=<mysql_pw> host=host.domain db=<db_name> table=<user_table> usercolumn=<user_column> passwdcolumn=<user_pass_column> crypt=1
>> account required pam_mysql.so user=<mysql_username> passwd=<mysql_pw> host=host.domain db=<db_name> table=<user_table> usercolumn=<user_column> passwdcolumn=<user_pass_column> crypt=1
>>
>> A follow-up question: how does this work when using a salt? The DB
>> admin wants to store the password hash and password salt in separate
>> columns in MySQL, so it seems like I would need to add another option in
>> the above lines to specify the salt column, so the salt value can be
>> used with crypt().
>>
>
> I personally haven't used "saslauthd -> PAM -> pam:mysql" before, so I can't
> give you any first hand experience. Maybe someone else can share their
> knowledge on this.
>
> p at rick
>
Digging into this more, seems like using a salt isn't even possible. Looking at the pam_mysql options on this page (http://pam-mysql.sourceforge.net/Documentation/package-readme.php?seemore=y) I don't see any way to add a salt from the DB into the crypt() function. However, if somebody knows more about this, I'm all ears.
-David
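
Background on the salt question in this thread, as an added example that is not part of the original messages or of pam_mysql: a string produced by crypt(3) already carries its scheme id and salt, and a password is checked by calling crypt(password, stored_string) and comparing the result with stored_string. The sketch below splits such a string and rebuilds it from separately stored salt and digest columns; the function names and sample values are constructed for illustration.

```python
import re

# Modular crypt format used by glibc: $id$[rounds=N$]salt$digest
# ids covered here: 1 (MD5-crypt), 5 (SHA-256-crypt), 6 (SHA-512-crypt)
_MCF = re.compile(r"^\$(?P<id>[156])\$(?:rounds=(?P<rounds>\d+)\$)?"
                  r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<digest>[./0-9A-Za-z]+)$")
# Traditional DES crypt: 2 salt characters followed by 11 digest characters
_DES = re.compile(r"^(?P<salt>[./0-9A-Za-z]{2})(?P<digest>[./0-9A-Za-z]{11})$")

# Constructed sample values in crypt(3) layout (illustration only)
SAMPLE_SHA512 = ("$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uB"
                 "nIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1")
SAMPLE_DES = "abJnggxhB/yWI"


def split_crypt(stored):
    """Return the parts of a crypt(3) string: id, rounds, salt, digest."""
    m = _MCF.match(stored)
    if m:
        parts = m.groupdict()
        parts["rounds"] = int(parts["rounds"]) if parts["rounds"] else None
        return parts
    m = _DES.match(stored)
    if m:
        return {"id": None, "rounds": None, **m.groupdict()}
    raise ValueError("not a recognised crypt(3) string")


def join_columns(salt, digest, scheme_id=None, rounds=None):
    """Rebuild the single value crypt() expects from separate DB columns."""
    if scheme_id is None:
        stored = salt + digest          # traditional DES: salt is a plain prefix
    else:
        cost = "rounds=%d$" % rounds if rounds is not None else ""
        stored = "$%s$%s%s$%s" % (scheme_id, cost, salt, digest)
    split_crypt(stored)                 # reject malformed column contents
    return stored


if __name__ == "__main__":
    print(split_crypt(SAMPLE_SHA512))
    print(join_columns("ab", "JnggxhB/yWI"))
```

When salt and digest really are kept apart, a value rebuilt this way (for instance through a database view) is what a single password column for crypt() needs to contain.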
More information about the Cyrus-sasl mailing list