sasldb: userPassword vs. cmusaslsecret*
Marco Colombo
cyrus-list at esiway.net
Tue Apr 17 05:36:41 EDT 2007
Hello,
we're long-time users of cyrus-imapd. Due to various migrations, our
SASL2 password database currently contains two kinds of entries:

    # sasldblistusers2 -f sasldb2 | cut -f2 -d" " | sort | uniq -c
        102 cmusaslsecretCRAM-MD5
        102 cmusaslsecretDIGEST-MD5
        102 cmusaslsecretPLAIN
         88 userPassword

As you can see, we've got 102 users with the old, scrambled, password
entries and 88 with the new userPassword cleartext passwords.
As I understand it, the old kind of cmusaslsecret* entries are
superseded by the new one. Now saslpasswd2 creates only userPassword by
default, that's how we got those 88 entries in our database - anytime a
password is changed via saslpasswd2 the old entries are deleted and a
new userPassword is created, plus of course new users that now are
created with a single userPassword entry from the start.
Well, we would like to migrate those 102 users to the new userPassword
format. Last time I checked, the autotransition option creates
cmusaslsecret* entries if cmusaslsecretPLAIN is present, at the time the
password is checked (that is, when the cleartext sent by the remote user
is available).
So, here's the question: is there a way to effect that migration?
I think cleartext passwords can't be restored from cmusaslsecret*
entries, but if the user authenticates via PLAIN (or LOGIN in
cyrus-imapd, which is the most used here) the password could be saved
as userPassword entry just like an autotransition.
We currently run cyrus-imapd 2.3.1 from Fedora Core Extra 5.
.TM.
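
Added example, not part of the original post: a shell filter that reports which accounts still have only legacy cmusaslsecret* entries and no userPassword entry, so the remaining migration work can be tracked. It assumes each sasldblistusers2 line has the form "user@realm: property", as the post's cut pipeline implies; the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Audit only: reads a sasldblistusers2-style listing on stdin and prints
# the users that have cmusaslsecret* entries but no userPassword entry.
# Assumed line format: "user@realm: property".

legacy_only_users() {
    awk '
        NF >= 2 {
            user = $1
            sub(/:$/, "", user)   # strip trailing colon from "user@realm:"
            if ($2 == "userPassword")
                has_new[user] = 1
            else if ($2 ~ /^cmusaslsecret/)
                has_old[user] = 1
        }
        END {
            # A user with both kinds of entry is not reported.
            for (u in has_old)
                if (!(u in has_new))
                    print u
        }
    ' | sort
}

# Constructed sample listing (not real accounts).
sample_listing() {
    cat <<'EOF'
alice@example.test: cmusaslsecretCRAM-MD5
alice@example.test: cmusaslsecretDIGEST-MD5
alice@example.test: cmusaslsecretPLAIN
bob@example.test: userPassword
carol@example.test: cmusaslsecretPLAIN
carol@example.test: userPassword
EOF
}

# Against a real database, using the invocation from the post:
#   sasldblistusers2 -f sasldb2 | legacy_only_users
sample_listing | legacy_only_users
```
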