digest-md5 password store

Guillermo Gómez guillermo.gomez at gmail.com
Wed Dec 5 15:42:24 EST 2007


> pam_mysql would correlate to saslauthd, and the cyrus sasl plugin
> would correlate to auxprop.
>
> See documentation on the SASL pwcheck_method setting
> (sasl_pwcheck_method in /etc/imapd.conf).
>
> When set to saslauthd, the pwcheck_method will allow the use of
> the PLAIN and LOGIN mechanisms, and will pass the username and
> password from the client on to PAM. PAM can internally hash the
> password and compare it against an already md5/crypted password.
>
> When set to auxprop, SASL will retrieve the cleartext password
> and use it to compare (in the case of PLAIN and LOGIN), or to use
> in multi-step negotiation of other mechanisms, such as DIGEST-MD5.
>
> The auxprop plugin gives you the ability to authenticate using
> the PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5, NTLM and OTP mechs (and
> probably more).
>
> saslauthd only gives you the ability to authenticate using PLAIN
> and LOGIN (I believe), which may or may not be sufficient for you.
>
> - Dan
>

Thanks Dan, im reading and trying to digest all the material available.

What the customer wants is:

1.- md5-digest between imap client/server (squirrelmail/cyrus-imapd)
2.- md5 encrypted passwords stored in mysql db (cyrus-imap-??)

Is this combination possible?

Guillermo



-- 
Ing.Guillermo Gomez S.
http://fedora.gomix.org


More information about the Info-cyrus mailing list