authentication question (passwords stored in /etc/shadow) => sasl (conversion)

Jeremy Rumpf jrumpf at heavyload.net
Fri Mar 21 12:01:51 EST 2003


On Friday 21 March 2003 10:20 am, Markus Welsch wrote:
> > This may be a long shot, passwords in /etc/shadow (depending on your
> > system), may be unix crypt or md5 hashes. Perhaps you could set up ldap,
> > and transplant the password hashes into the userPassword attribute. I've
> > never tried it personally, but it may be worth a shot.
>
> MD5 hashes are used if I'm not wrong here!

Aaah, then set up a simple ldap schema, something like:

  dn: uid=john.doe@doeworld.com,ou=mail,dc=somecompany,dc=com
  sn: Doe
  givenName: John
  userPassword: {MD5}xxxxxxxxxxxxDZgg==
  description: mail user account
  uid: john.doe@doeworld.com
  cn: john.doe
  mail: john.doe@doeworld.com

Construct the entries, and pop the login value into the uid. Cut and paste 
in the md5 hash, prepending an {md5}. From there, set up cyrus to use 
saslauthd. The saslauthd config file for ldap resolution may be like:

  ldap_servers: ldap://ldap1.somecompany.com/
  ldap_bind_dn: cn=someadminuser,dc=somecompany,dc=com
  ldap_bind_pw: xxxxxxx
  ldap_timeout: 20
  ldap_scope: one
  ldap_search_base: ou=mail,dc=somecompany,dc=com
  ldap_auth_method: bind
  ldap_filter: (uid=%u)
  ldap_ssl: no
  ldap_start_tls: no

The only thing I don't know is how cyrus 2.2.x handles mailbox names with 
a domain (virtual domain support) and specifically how that relates to 
username/password resolution in saslauthd. I haven't had any direct 
experience yet with the two.

It may be worth taking a look into.

Jeremy
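
The transplant step discussed in this message, as an added example that is not part of the original thread: it reads /etc/shadow-format lines and emits LDIF fragments under the DN layout shown above, skipping locked accounts and unrecognised hashes. It assumes an LDAP server built with crypt(3) support, where md5-crypt (`$1$salt$hash`) and DES crypt values from /etc/shadow are stored under the `{CRYPT}` scheme, whereas `{MD5}` denotes a base64-encoded unsalted MD5 digest. The sample data, `classify` and `shadow_to_ldif` are constructed for illustration.

```python
import re
# Constructed sample in /etc/shadow layout (login:hash:lastchg:...); not real accounts.
SAMPLE_SHADOW = """\
john.doe:$1$Qx7cFz1a$3mGq0v8Jb1nT5yUe2LhKs/:12132:0:99999:7:::
olduser:abJnggxhB/yWI:12000:0:99999:7:::
daemon:*:12000:0:99999:7:::
locked:!$1$Qx7cFz1a$3mGq0v8Jb1nT5yUe2LhKs/:12132:0:99999:7:::
svc:$9$notarealscheme:12132:0:99999:7:::
bad,name:abJnggxhB/yWI:12000:0:99999:7:::
"""
BASE = "ou=mail,dc=somecompany,dc=com"  # search base used in the message
SAFE_LOGIN = re.compile(r"^[A-Za-z0-9._@-]+$")  # refuse anything needing DN escaping
SCHEMES = {
    "md5-crypt": re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"),
    "des-crypt": re.compile(r"^[./0-9A-Za-z]{13}$"),
}

def classify(field):
    """Return the crypt(3) format name, None if locked/empty, 'unknown' otherwise."""
    if field in ("", "*") or field.startswith("!"):
        return None
    for name, rx in SCHEMES.items():
        if rx.match(field):
            return name
    return "unknown"

def shadow_to_ldif(text, base=BASE):
    """Build LDIF fragments (dn, uid, userPassword) plus a dict of skipped logins."""
    entries, skipped = [], {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        login, field = parts[0], parts[1]
        kind = classify(field)
        if not SAFE_LOGIN.match(login):
            skipped[login] = "login needs DN escaping"
        elif kind is None:
            skipped[login] = "locked or no password"
        elif kind == "unknown":
            skipped[login] = "unrecognised hash format"
        else:
            # Assumption: the server verifies {CRYPT} values via crypt(3).
            entries.append(f"dn: uid={login},{base}\nuid: {login}\n"
                           f"userPassword: {{CRYPT}}{field}\n")
    return "\n".join(entries), skipped

if __name__ == "__main__":
    print(*shadow_to_ldif(SAMPLE_SHADOW), sep="\n")
```

The fragments carry only dn, uid and userPassword; the remaining attributes from the entry shown in the message still have to be supplied before loading.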