MD5 Passwords in MySql?
Charles Bradshaw
brad at bradcan.homelinux.com
Mon Mar 25 17:32:16 EDT 2013
Andy

Thanks for the link. If you read on you will see that while PAM allows
storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can
then NOT be used. That's definitely a step in the wrong direction.

I'm coming to the conclusion that I need to understand the code well enough
to add something to cyrus, but sadly I'm just too old to grok the tangle
of C.

I think the thread is now dead. Thanks for all contributions.

Charles Bradshaw.

On Mon, 2013-03-25 at 13:56 -0700, Andrew Morgan wrote:
> On Sun, 24 Mar 2013, Charles Bradshaw wrote:
>
> > In my /etc/imapd.conf I'm using:
> >
> > sasl_auxprop_plugin:sql
> > sasl_sql_engine:mysql
> >
> > I want to store MD5 hashed passwords in my database. Is this possible?
> >
> > I was thinking about modifying the sql plugin to MD5 the password before
> > comparison, but...
> >
> > I'm no C programmer so understanding sql.c (the plugin source) is quite
> > beyond me. It looks as though we just check for the presence of the
> > password and don't actually compare passwords! Surely I'm wrong here?
> >
> > I could use a symmetric encryption, eg AES, and place the necessary
> > decrypt in the sasl_sql_select statement, but that seems a bit pointless
> > since the key is now visible in various logs.
>
> This could be illuminating:
>
> http://serverfault.com/questions/81958/postfix-sasl-mysql-use-md5-encryption
>
> They suggest using the pam_mysql module so that you can specify the
> password storage format.
>
> It appears the SQL auxprop plugin only works with passwords stored in
> plaintext.
>
> Andy
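
An added illustration, not part of the original thread and not Cyrus SASL code: why a server that stores only MD5(password) cannot verify CRAM-MD5, while it can still check a password sent with PLAIN. The function names are hypothetical; the sample user secret and challenge are the worked example from RFC 2195.

```python
import hashlib
import hmac

# Worked example from RFC 2195 (CRAM-MD5): shared secret and server challenge.
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_response(password: str, challenge: bytes) -> str:
    """Client side: HMAC-MD5 over the challenge, keyed with the password itself."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def server_verify_cram(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC with whatever the database holds.

    This only matches when stored_secret is the same key the client used,
    i.e. the plaintext password.
    """
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)


def server_verify_plain(stored_md5_hex: str, presented_password: str) -> bool:
    """PLAIN-style check: the client sends the password, so a stored hash suffices."""
    digest = hashlib.md5(presented_password.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_md5_hex)


def demo() -> dict:
    response = cram_md5_response(RFC_SECRET, RFC_CHALLENGE)
    stored_md5 = hashlib.md5(RFC_SECRET.encode()).hexdigest()
    return {
        "response": response,
        # Database holds the plaintext: the challenge-response check succeeds.
        "cram_with_plaintext": server_verify_cram(
            RFC_SECRET.encode(), RFC_CHALLENGE, response),
        # Database holds MD5(password): the server keys the HMAC with the wrong
        # value and cannot reproduce the client's response.
        "cram_with_md5_hash": server_verify_cram(
            stored_md5.encode(), RFC_CHALLENGE, response),
        # The same stored hash is enough when the password itself is presented.
        "plain_with_md5_hash": server_verify_plain(stored_md5, RFC_SECRET),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
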
More information about the Info-cyrus mailing list