digest-md5 password store

Guillermo Gómez guillermo.gomez at gmail.com
Wed Dec 5 15:42:24 EST 2007

> pam_mysql would correlate to saslauthd, and the cyrus sasl plugin
> would correlate to auxprop.
> See documentation on the SASL pwcheck_method setting
> (sasl_pwcheck_method in /etc/imapd.conf).
> When set to saslauthd, the pwcheck_method will allow the use of
> the PLAIN and LOGIN mechanisms, and will pass the username and
> password from the client on to PAM. PAM can internally hash the
> password and compare it against an already md5/crypted password.
> When set to auxprop, SASL will retrieve the cleartext password
> and use it to compare (in the case of PLAIN and LOGIN), or to use
> in multi-step negotiation of other mechanisms, such as DIGEST-MD5.
> The auxprop plugin gives you the ability to authenticate using
> the PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5, NTLM and OTP mechs (and
> probably more).
> saslauthd only gives you the ability to authenticate using PLAIN
> and LOGIN (I believe), which may or may not be sufficient for you.
> - Dan

Thanks Dan, im reading and trying to digest all the material available.

What the customer wants is:

1.- md5-digest between imap client/server (squirrelmail/cyrus-imapd)
2.- md5 encrypted passwords stored in mysql db (cyrus-imap-??)

Is this combination possible?


Ing.Guillermo Gomez S.

More information about the Info-cyrus mailing list