Best/Easiest method using encrypted password in MySQL DB
Dan White
dwhite at olp.net
Fri Jan 29 23:51:10 EST 2010
On 29/01/10 19:00 -0800, Nybbles2Byte wrote:
>I don't think I can say much more than the title. Cyrus seems to be running well but I would like to have the password in the MySQL DB encrypted.
>
>Does anyone have a "best way" of implementing that?
>
>My only criteria is that Postfix looks up the same table for user info, so whatever the implementation is, Postfix has to be able to read/decrypt the encrypted password as well.

There are a couple of options via saslauthd:

1) Have saslauthd use the PAM backend, and the pam_mysql module to perform
   password verification.

2) Have saslauthd use the PAM backend, and use the standard pam_unix
   module along with an NSS mysql library which allows you to store
   password/shadow information in mysql.

There may also be a way to authenticate against hashed auxprop attributes
in the upcoming sasl 2.1.24 release, but I don't have any examples of how
that will work (see the NEWS file in the 2.1.24rc1 release for more info).

You should be aware that any of these methods will disallow the use of SASL
security layers. You will need to use SSL/TLS or another external security
mechanism to protect the transmission of passwords over the network.

--
Dan White
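
An example configuration for option 1 above (saslauthd with the PAM backend and pam_mysql), added here and not part of the original message. The database name, table, column names and credentials are assumed placeholders, and file locations vary by distribution.

```conf
# --- saslauthd: run with the PAM backend ---
#   saslauthd -a pam

# --- /etc/pam.d/imap  (PAM service name Cyrus imapd passes to saslauthd) ---
# Use the same two lines in /etc/pam.d/smtp so Postfix SMTP AUTH verifies
# against the same table. Each PAM entry must stay on a single line.
# MAILDB_USER / MAILDB_PASSWORD / mail / accounts / username / password
# are placeholders (assumed schema, not from the original message).
# crypt=1 tells pam_mysql to compare against a crypt(3) hash in passwdcolumn;
# crypt=0 would compare against a plaintext column.
auth    required pam_mysql.so user=MAILDB_USER passwd=MAILDB_PASSWORD host=localhost db=mail table=accounts usercolumn=username passwdcolumn=password crypt=1
account required pam_mysql.so user=MAILDB_USER passwd=MAILDB_PASSWORD host=localhost db=mail table=accounts usercolumn=username passwdcolumn=password crypt=1
# The PAM files now hold a database credential: keep them root-only
# (mode 0600) and give MAILDB_USER SELECT rights on this table only.

# --- /etc/imapd.conf  (Cyrus IMAP) ---
sasl_pwcheck_method: saslauthd
# saslauthd can only check a cleartext password, so offer only the
# plaintext mechanisms; these provide no SASL security layer.
sasl_mech_list: PLAIN LOGIN
# Refuse plaintext logins unless the connection is already under TLS.
allowplaintext: no

# --- smtpd.conf  (Cyrus SASL settings read by Postfix smtpd) ---
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

# --- /etc/postfix/main.cf ---
smtpd_sasl_auth_enable = yes
# Only offer AUTH after STARTTLS, so passwords never cross the wire in clear.
smtpd_tls_auth_only = yes
```

The two TLS settings (`allowplaintext: no` and `smtpd_tls_auth_only = yes`) are what cover the caveat in the message: with hashed storage only PLAIN and LOGIN work, so transport encryption has to come from SSL/TLS.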