Message from discussion question on sasl2 auth thru mysql
From: Mohammad Al-Shami <mohsh...@gmail.com>
Subject: Re: question on sasl2 auth thru mysql
Date: Fri, 19 Aug 2005 12:20:45 +0300
References: <firstname.lastname@example.org> <list.postfix.users#20050819065435.GA3789@state-of-mind.de>
X-Trace: 1124443327 news.xs4all.nl 11073 [::ffff:126.96.36.199]:3006
This is a multi-part message in MIME format.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
I patched SASL2 to read encrypted passwords from the MySQL database.
Then used plain and login through with TLS. Do you mean that having the
passwords in clear text in your database and having shared-secret
mechanism is better??
Thanks in advance
Patrick Ben Koetter wrote:
> * Adrian Mak <makkaich...@gmail.com>:
>>I'm going to implement virtual mailbox thru mysql db (i.e. creation of
>>linux shell account is not necessary for just using email service)
>>Existing sasl2 work well on auth. users from remote client
>>If postfix implement virtual mailbox, does sasl2 need support mysql too ?
> Postfix and Cyrus-SASL.2.x are two different softwares. You can configure
> Postfix to lookup information in MySQL and leave SASL the way it was at the
> same time without any problems.
> However in most situations when you put the Postfix lookup tables in a SQL
> database, it makes sense to use the SQL database as authentication
> backend for Cyrus-SASL.2.x as well.
> In this case all you need to do is rebuild Cyrus-SASL.2.x --with-sql and
> --mysql=/usr (providing the full path doesn't work because there's a bug in
> the configure (?) script) and then copy the libsql.* stuff to your SASL dir.
> Refer to options.html from the SASL docs to identify the correct parameters,
> options and notation (!) for MySQL configuration, but most important don't (!)
> use crypted passwords in your MySQL table to store the passwords.
> The reason is that SASL SQL support is done via auxprop-plugins, which
> additionally gives you shared-secret mechanisms. These mechanisms must be
> able to read a password from the authenication backend (MySQL). If the
> passwords are crypted, it will not work.
> Use "sample-server" and "sample-client" from the sample subdir in the SASL
> sources to test authentication before (!) you try to test authentication using
> a MUA and Postfix. Only if the sample-* binares succeed proceed to configure
> Postfix or you will never know which (Cyrus-SASL.2.x or Postfix) causes
> problems during authentication.
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs and the universe trying to
produce bigger and better idiots. So far, the universe is winning."
Content-Type: text/x-vcard; charset=utf-8;
fn:Mohammad H. Al-Shami