can i build a sasl module with support for encrypted passwords?
Dan White
dwhite at olp.net
Tue Jan 22 10:56:06 EST 2008
rupert wrote:
> Hi,
> i have my murder cluster running, with passwords stored in a mysql DB.
> The only thing that bugs me now is that the passwords are stored in
> plaintext inside the DB.
> I am using fedora8 and will switch to CentOS once everything runs fine.
> Can i build a rpm module for sasl that exist beside the packages that are in
> the repositries?
>
> like cyrus-sasl-md5.i386, cyrus-sasl-plain.i386, cyrus-sasl-devel.i386,
> cyrus-sasl-md5.i386 ...
>
> I tried to compile cyrus-sasl.2.19 with the pwcheck patch, but it just
> messed everythign up.
>
> Any other solutions? And why is such a important thing not standard?
Hi Rupert,
I think the MySQL PAM plugin is one possible way to support
hashed passwords. You would need to disable all mechanisms which
depend on the auxprop plugin and depend on a clear text password
(such as DIGEST-MD5).
You'll need to configure your pwcheck_method to include
saslauthd, and then configure saslauthd to use PAM to authenticate.
I'm not familiar with the pwcheck patch, but it shouldn't be
required in this scenario.
- Dan
More information about the Info-cyrus
mailing list