MD5 Passwords in MySql?

Charles Bradshaw brad at bradcan.homelinux.com
Sun Mar 24 10:21:28 EDT 2013


In my /etc/imapd.conf I'm using:

sasl_auxprop_plugin:sql
sasl_sql_engine:mysql

I want to store MD5 hashed passwords in my database. Is this possible?

I was thinking about modifying the sql plugin to MD5 the password before
comparison, but...

I'm no C programmer so understanding sql.c (the plugin source) is quite
beyond me. It looks as though we just check for the presence of the
password and don't actual compare passwords! Surely I'm wrong here?

I could use a symmetric encryption, eg AES, and place the necessary
decrypt in the sasl_sql_select statement, but that seems a bit pointless
since the key is now visible in various logs.



More information about the Info-cyrus mailing list