checkpw.c crypt patch

David van Geest davidv at
Wed Jul 22 14:07:19 EDT 2009

CC'ing list for posterity...

Dan White wrote:
> David van Geest wrote:
>>> I personally haven't used "saslauthd -> PAM -> pam:mysql" before, so 
>>> I can't
>>> give you any first hand experience. Maybe someone else can share their
>>> knowledge on this.
>>> p at rick
>> Digging into this more, seems like using a salt isn't even possible.  
>> Looking at the pam_mysql options on this page 
>> ( 
>> I don't see any way to add a salt from the DB into the crypt() 
>> function.  However, if somebody knows more about this, I'm all ears.
>> -David
> I also have not used mysql in this type of environment, but I think 
> you should be able to accomplish what you want by doing saslauthd -> 
> PAM -> NSS (pam_unix) -> NSS-MySQL
> The nss library should have the knowledge of how to find the salt in 
> the first two bytes of the crypt'd password.
> I use an ldap nss module in a similar fashion, and my 
> /etc/nsswitch.conf looks like:
> passwd:         compat ldap
> group:          compat ldap
> shadow:         compat ldap
> and in my /etc/pam.d/imap:
> auth    required nullok_secure
> and my saslauthd uses PAM for authentication.
> Then you should be able to insert any password into MySQL that would 
> be valid for your /etc/shadow file.
> - Dan
Thanks Dan, after looking at it some more I think we're going to go a 
different route (see upcoming list post...)


More information about the Cyrus-sasl mailing list