MD5 Passwords in MySql?
Andrew Morgan
morgan at orst.edu
Mon Mar 25 16:56:56 EDT 2013
On Sun, 24 Mar 2013, Charles Bradshaw wrote:
> In my /etc/imapd.conf I'm using:
>
> sasl_auxprop_plugin:sql
> sasl_sql_engine:mysql
>
> I want to store MD5 hashed passwords in my database. Is this possible?
>
> I was thinking about modifying the sql plugin to MD5 the password before
> comparison, but...
>
> I'm no C programmer so understanding sql.c (the plugin source) is quite
> beyond me. It looks as though we just check for the presence of the
> password and don't actual compare passwords! Surely I'm wrong here?
>
> I could use a symmetric encryption, eg AES, and place the necessary
> decrypt in the sasl_sql_select statement, but that seems a bit pointless
> since the key is now visible in various logs.
This could be illuminating:
http://serverfault.com/questions/81958/postfix-sasl-mysql-use-md5-encryption
They suggest using the pam_mysql module so that you can specify the
password storage format.
It appears the SQL auxprop plugin only works with passwords stored in
plaintext.
Andy
More information about the Info-cyrus
mailing list