Migrate passwords from shadow to mysql

Shelley Waltz shwaltz at cabm.rutgers.edu
Fri Jan 23 08:14:56 EST 2004

Thanks for the very clear instructions on how this works.   One thing 
which does not make sense is the removal of the mech_list option 
subsequent to all users in the shadow file having auth'd once. ???

Also, why are the transitioned passwords stored in plaintext in the mysql


On Thu, 22 Jan 2004, Ken Murchison wrote:

   Shelley Waltz wrote:
   > Ken, Thanks for the reply.
   > Yes, my new server is RH ES3 with all the most recent versions of
   > Cyrus imap/sasl/postfix/mysql ...
   Which version of SASL?  You definitely want 2.1.17.
   > Where do I read about autotransition into the SQL auxprop plugin?
   > Does this mean that after I transition my existing users, I still
   > need to create /etc/shadow entries in order to establish new accounts
   > in the mysql database?  I planned to use webcyradm to manage accounts.
   Just read the docs on how to configure the SQL auxprop plugin.  Then in
   your imapd.conf file, you'll have options like the following:

      sasl_mech_list: PLAIN LOGIN
      sasl_auto_transition: yes
      sasl_pwcheck_method: auxprop saslauthd
      sasl_auxprop_plugin: sql
      sasl_sql_engine: mysql
      sasl_sql_select: ...
      sasl_sql_insert: ...
      sasl_sql_update: ...

   And you'll need to run:

      saslauthd -a shadow

   This config will limit the server to plaintext authentication which will
   happen against /etc/shadow and then the password will be inserted into
   mysql.  The next time the user authenticates, the password will be
   pulled from mysql (given the order of pwcheck_method).

   Once all of your users have authenticated at least once, you can remove
   the mech_list option or add other mechs to the list.

   > On Thu, 22 Jan 2004, Ken Murchison wrote:
   >    Shelley Waltz wrote:
   >    > I am installing a new postfix-cyrus mail server.
   >    > I currently have cyrus-imap 1.6.24 authing PLAIN
   >    > from /etc/shadow.
   >    > 
   >    > I wish to migrate the passwords(md5) from the shadow file to
   >    > a mysql database and use this to auth PLAIN using TLS.
   >    > Is there a script available to do so - to migrate the users
   >    > from the shadow file and create the records for mysql authentication?
   >    > 
   >    > I did search, but found nothing.
   >    First, I'd strongly suggest that you upgrade to a recent version of 
   >    Cyrus, either 2.1.16 or 2.2.3.  To do this, you'll need a recent version 
   >    of SASL (I'd suggest 2.1.17).  Then, you just configure Cyrus/SASL to 
   >    authenticate plaintext from /etc/shadow and have it autotransition 
   >    passwords into the SQL auxprop plugin.
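
Added example, not part of the original thread and not Cyrus code: the advice above is to keep mech_list restricted until every user has authenticated once, and this Python script lists the shadow accounts with a usable password hash that do not yet appear among the usernames already stored in SQL. The sample shadow text, the placeholder hashes, the function names and the `skip` parameter are constructed for illustration; the SQL usernames are passed in as a plain list because the thread does not give the table layout.

```python
# Constructed sample in shadow(5) format: name:password:lastchg:min:max:warn:::
SAMPLE_SHADOW = """\
root:$1$constructed$placeholderhash000001:12440:0:99999:7:::
daemon:*:12400:0:99999:7:::
alice:$1$constructed$placeholderhash000002:12440:0:99999:7:::
bob:$1$constructed$placeholderhash000003:12440:0:99999:7:::
carol:!!:12440:0:99999:7:::
dave:!$1$constructed$placeholderhash000004:12440:0:99999:7:::
"""

# Constructed sample: usernames already present in the SQL auxprop table.
SAMPLE_SQL_USERS = ["alice"]


def shadow_login_users(shadow_text):
    """Return account names whose shadow entry holds a usable password hash."""
    users = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed entry, nothing to check
        name, pw = fields[0], fields[1]
        # "*" marks an account with no password login; a leading "!" marks
        # a locked one. An empty field holds no hash at all.
        if pw == "" or pw.startswith(("!", "*")):
            continue
        users.append(name)
    return users


def pending_transition(shadow_text, sql_users, skip=()):
    """Shadow accounts that can log in but have no SQL entry yet.

    skip: accounts that never authenticate to the mail server (assumption:
    the operator knows which system accounts these are).
    """
    done = set(sql_users)
    return sorted(u for u in shadow_login_users(shadow_text)
                  if u not in done and u not in skip)


if __name__ == "__main__":
    for user in pending_transition(SAMPLE_SHADOW, SAMPLE_SQL_USERS, skip=("root",)):
        print("not yet transitioned:", user)
```

An empty result means every eligible shadow account already has a SQL entry, which is the condition the reply gives for changing mech_list.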
