authentification question (passwords stored in /etc/shadow) => sasl (conversion)
Jeremy Rumpf
jrumpf at heavyload.net
Fri Mar 21 12:01:51 EST 2003
On Friday 21 March 2003 10:20 am, Markus Welsch wrote:
> > This may be a long shot, passwords in /etc/shadow (depending on your
> > system) may be unix crypt or md5 hashes. Perhaps you could set up ldap
> > and transplant the password hashes into the userPassword attribute. I've
> > never tried it personally, but it may be worth a shot.
>
> MD5 hashes are used if I'm not wrong here!

Aaah, then set up a simple ldap schema, something like:

dn: uid=john.doe@doeworld.com,ou=mail,dc=somecompany,dc=com
sn: Doe
givenName: John
userPassword: {MD5}xxxxxxxxxxxxDZgg==
description: mail user account
uid: john.doe@doeworld.com
cn: john.doe
mail: john.doe@doeworld.com

Construct the entries, and pop the login value into the uid. Cut and paste
in the md5 hash, prepending an {md5}. From there, set up cyrus to use
saslauthd. The saslauthd config file for ldap resolution may be like:

ldap_servers: ldap://ldap1.somecompany.com/
ldap_bind_dn: cn=someadminuser,dc=somecompany,dc=com
ldap_bind_pw: xxxxxxx
ldap_timeout: 20
ldap_scope: one
ldap_search_base: ou=mail,dc=somecompany,dc=com
ldap_auth_method: bind
ldap_filter: (uid=%u)
ldap_ssl: no
ldap_start_tls: no

The only thing I don't know is how cyrus 2.2.x handles mailbox names with
a domain (virtual domain support) and specifically how that relates to
username/password resolution in saslauthd. I haven't had any direct
experience yet with the two.

It may be worth taking a look into.

Jeremy
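
Added example (not part of Jeremy's message and not Cyrus or saslauthd code): a Python script for the transplant step, turning shadow lines into LDIF entries under the post's ou=mail search base while skipping locked or hashless accounts. It assumes the shadow hashes are crypt(3) strings such as md5-crypt `$1$salt$hash`, which a directory stores under the {CRYPT} scheme ({MD5} denotes a base64-encoded unsalted MD5 digest, a different format), that the LDAP server is built with {CRYPT} support, and that cn/sn are filled from the login name; the sample shadow lines are constructed.

```python
import re

BASE_DN = "ou=mail,dc=somecompany,dc=com"    # search base used in the post
LOGIN_OK = re.compile(r"^[A-Za-z0-9._-]+$")  # keeps DN/LDIF metacharacters out
# crypt(3) formats seen in shadow files; each is stored under {CRYPT}
SCHEMES = [
    (re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"), "md5-crypt"),
    (re.compile(r"^\$5\$"), "sha256-crypt"),
    (re.compile(r"^\$6\$"), "sha512-crypt"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt"),
]
# Constructed sample input, not real hashes
SAMPLE_SHADOW = """\
john.doe:$1$Cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:12132:0:99999:7:::
daemon:*:12132:0:99999:7:::
locked:!$1$Cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:12132:0:99999:7:::
"""

def classify(hash_field):
    """Return the crypt scheme name, or None if locked, empty or unknown."""
    if not hash_field or hash_field[0] in "!*":
        return None
    for pattern, name in SCHEMES:
        if pattern.match(hash_field):
            return name
    return None

def shadow_to_ldif(shadow_text, mail_domain):
    """Return (ldif_text, skipped_logins) for the accounts in shadow_text."""
    entries, skipped = [], []
    for line in filter(None, shadow_text.splitlines()):
        login, *rest = line.split(":")
        if not rest or not LOGIN_OK.match(login) or classify(rest[0]) is None:
            skipped.append(login)   # no usable hash: do not create an entry
            continue
        uid = f"{login}@{mail_domain}"
        entries.append("\n".join([
            f"dn: uid={uid},{BASE_DN}",
            "objectClass: inetOrgPerson",
            f"uid: {uid}",
            f"cn: {login}",
            f"sn: {login}",          # assumption: shadow has no real surname
            f"mail: {uid}",
            f"userPassword: {{CRYPT}}{rest[0]}",
            "description: mail user account",
        ]))
    return "\n\n".join(entries) + "\n", skipped

if __name__ == "__main__":
    print(shadow_to_ldif(SAMPLE_SHADOW, "doeworld.com")[0])
```
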
More information about the Info-cyrus mailing list