can i build a sasl module with support for encrypted passwords?

rupert rupertt at gmail.com
Wed Jan 23 05:38:25 EST 2008


now im up to pam, how can I change the querythat pam does on the DB?
I have a multidomain setup and the username is the email address (
test.test.local), but pam cuts of the @test.local in the query


thx again

On Jan 23, 2008 9:23 AM, rupert <rupertt at gmail.com> wrote:

>
>
> On Jan 22, 2008 9:05 PM, Rupert <rupertt at gmail.com> wrote:
>
> > Dan White schrieb:
> > > rupert wrote:
> > >> Hi,
> > >> i have my murder cluster running, with passwords stored in a mysql
> > DB.
> > >> The only thing that bugs me now is that the passwords are stored in
> > >> plaintext inside the DB.
> > >> I am using fedora8 and will switch to CentOS once everything runs
> > fine.
> > >> Can i build a rpm module for sasl that exist beside the packages that
> > >> are in
> > >> the repositries?
> > >>
> > >> like cyrus-sasl-md5.i386, cyrus-sasl-plain.i386,
> > cyrus-sasl-devel.i386,
> > >> cyrus-sasl-md5.i386 ...
> > >>
> > >> I tried to compile cyrus-sasl.2.19 with the pwcheck patch, but it
> > just
> > >> messed everythign up.
> > >>
> > >> Any other solutions? And why is such a important thing not standard?
> > >
> > > Hi Rupert,
> > >
> > > I think the MySQL PAM plugin is one possible way to support hashed
> > > passwords. You would need to disable all mechanisms which depend on
> > > the auxprop plugin and depend on a clear text password (such as
> > > DIGEST-MD5).
> > >
> > > You'll need to configure your pwcheck_method to include saslauthd, and
> > > then configure saslauthd to use PAM to authenticate.
> > >
> > > I'm not familiar with the pwcheck patch, but it shouldn't be required
> > > in this scenario.
> > >
> > > - Dan
> > I tried some more times to compile the latest cyrus-sasl with the
> > patch(read somewhere the .18 also works on the latest sasl) on my fedora
> > box.
> > I always get some error while compiling that it cant find mysql.h or
> > mysqlclient.
> > I compile it with enable-sql and --with-mysql=/usr/lib/mysql
> > --with-mysql=/usr/include/mysql
> > which is where all the files are located it is complaining about. I also
> > have /usr/lib/mysql in ld.so.conf
> > Can there be anything else wrong?
> >
> >
> > thx
> >
> > ok , i got back to the .19 version and compiled that one.
> When I now login the syslog says no worthy mechs found and the maillog a
> "frontend imap[2864]: badlogin: frontend [192.168.247.128] plaintext
> joe at test.local SASL(-13): authentication failure: checkpass failed"
> mysql is working because I can see the query in the mysql.log.
>
> thx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080123/2f3895c4/attachment-0001.html 


More information about the Info-cyrus mailing list