can i build a sasl module with support for encrypted passwords?

Rupert rupertt at gmail.com
Tue Jan 22 15:05:05 EST 2008


Dan White schrieb:
> rupert wrote:
>> Hi,
>> i have my murder cluster running, with passwords stored in a mysql DB.
>> The only thing that bugs me now is that the passwords are stored in
>> plaintext inside the DB.
>> I am using fedora8 and will switch to CentOS once everything runs fine.
>> Can i build a rpm module for sasl that exist beside the packages that 
>> are in
>> the repositries?
>>
>> like cyrus-sasl-md5.i386, cyrus-sasl-plain.i386, cyrus-sasl-devel.i386,
>> cyrus-sasl-md5.i386 ...
>>
>> I tried to compile cyrus-sasl.2.19 with the pwcheck patch, but it just
>> messed everythign up.
>>
>> Any other solutions? And why is such a important thing not standard?
>
> Hi Rupert,
>
> I think the MySQL PAM plugin is one possible way to support hashed 
> passwords. You would need to disable all mechanisms which depend on 
> the auxprop plugin and depend on a clear text password (such as 
> DIGEST-MD5).
>
> You'll need to configure your pwcheck_method to include saslauthd, and 
> then configure saslauthd to use PAM to authenticate.
>
> I'm not familiar with the pwcheck patch, but it shouldn't be required 
> in this scenario.
>
> - Dan
I tried some more times to compile the latest cyrus-sasl with the 
patch(read somewhere the .18 also works on the latest sasl) on my fedora 
box.
I always get some error while compiling that it cant find mysql.h or  
mysqlclient.
I compile it with enable-sql and --with-mysql=/usr/lib/mysql 
--with-mysql=/usr/include/mysql
which is where all the files are located it is complaining about. I also 
have /usr/lib/mysql in ld.so.conf
Can there be anything else wrong?


thx


More information about the Info-cyrus mailing list