checkpw.c crypt patch
Dan White
dwhite at olp.net
Tue Jul 21 17:10:49 EDT 2009
David van Geest wrote:
>>
>> I personally haven't used "saslauthd -> PAM -> pam:mysql" before, so
>> I can't give you any first hand experience. Maybe someone else can
>> share their knowledge on this.
>>
>> p at rick
>>
> Digging into this more, seems like using a salt isn't even possible.
> Looking at the pam_mysql options on this page
> (http://pam-mysql.sourceforge.net/Documentation/package-readme.php?seemore=y)
> I don't see any way to add a salt from the DB into the crypt()
> function. However, if somebody knows more about this, I'm all ears.
>
> -David
>
I also have not used mysql in this type of environment, but I think you
should be able to accomplish what you want by doing saslauthd -> PAM ->
NSS (pam_unix) -> NSS-MySQL

The nss library should have the knowledge of how to find the salt in the
first two bytes of the crypt'd password.

I use an ldap nss module in a similar fashion, and my /etc/nsswitch.conf
looks like:

    passwd: compat ldap
    group: compat ldap
    shadow: compat ldap

and in my /etc/pam.d/imap:

    auth required pam_unix.so nullok_secure

and my saslauthd uses PAM for authentication.

Then you should be able to insert any password into MySQL that would be
valid for your /etc/shadow file.

- Dan
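
Added example, not part of the original message or of any project's code: a stored crypt(3) hash carries its own salt, so a verifier needs no separate salt column, only the leading "setting" of the stored string. The sketch goes beyond the two-byte DES case mentioned above to the $id$salt$hash form that /etc/shadow also accepts; crypt_setting_len is a hypothetical name and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* crypt(3) salt alphabet: ./0-9A-Za-z */
static int is_salt_char(char c) {
    return c != '\0' && strchr("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "abcdefghijklmnopqrstuvwxyz", c) != NULL;
}

/* Length of the leading "setting" (scheme id + salt) in a stored crypt(3)
 * hash, i.e. the part a verifier passes back to crypt() together with the
 * candidate password. Returns 0 for anything that is not a recognised hash,
 * such as the "!" or "*" of a locked account. */
size_t crypt_setting_len(const char *stored) {
    size_t n = strlen(stored), max_salt;
    const char *p, *end, *q;

    if (stored[0] != '$') {              /* traditional DES: 2 salt + 11 hash */
        if (n != 13) return 0;
        for (q = stored; *q; q++)
            if (!is_salt_char(*q)) return 0;
        return 2;
    }
    /* modular format $id$[rounds=N$]salt$hash; 1=MD5, 5=SHA-256, 6=SHA-512 */
    if (n < 4 || !strchr("156", stored[1]) || stored[2] != '$') return 0;
    max_salt = (stored[1] == '1') ? 8 : 16;
    p = stored + 3;
    if (stored[1] != '1' && strncmp(p, "rounds=", 7) == 0) {
        if ((p = strchr(p, '$')) == NULL) return 0;
        p++;                             /* skip the rounds field */
    }
    end = strchr(p, '$');                /* salt ends at the next '$' */
    /* assumption of this example: reject empty salt or missing hash part */
    if (!end || end == p || (size_t)(end - p) > max_salt || !end[1]) return 0;
    for (q = p; q < end; q++)
        if (!is_salt_char(*q)) return 0;
    return (size_t)(end - stored);
}

int main(void) {
    /* constructed sample values with the right shape, not real hashes */
    const char *samples[] = { "abCDEFGHIJKLM", "$1$abcdefgh$PLACEHOLDER",
                              "$6$rounds=5000$saltsalt$PLACEHOLDER", "!" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-40s setting = %.*s\n", samples[i],
               (int)crypt_setting_len(samples[i]), samples[i]);
    return 0;
}
```

A value that yields 0 here is one that could never match a password, which is a cheap sanity check to run over rows before loading them into the MySQL table.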