
Postfix/SASL/mysql AUTH


Shaun T. Erickson

Mar 24, 2004, 7:23:40 PM
> Is it possible to use SASL to authenticate using MySQL tables *simply*?
> (I've already read Lopaka K. Delp's article "Cyrus SASL 2.1.12 with MySQL
> Encrypted Passwords" -
> http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/ -
> but would like to accomplish this _without_patching_SASL_ if possible.)

Well, *I* did it by having saslauthd call pam, which looks up the user's
encrypted password in the database. Unfortunately, the latest release of
sasl is "broken", in that it doesn't pass the realm to pam (or anything
else, I hear). It took a trivial patch to saslauthd's auth_pam.c file to
fix that.

One way or the other, you will have to patch some part of sasl. :)

-ste

Eric P.

Mar 24, 2004, 7:44:08 PM
FWIW: It appears that there *is* a patch...

http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/mysql.c.diff?r1=1.10&r2=1.11

...and that the Gentoo SASL ebuild already has this patch as an option:

http://www.google.com/url?sa=U&start=1&q=http://gentoo.kems.net/gentoo-x86-portage/dev-libs/cyrus-sasl/cyrus-sasl-2.1.14.ebuild&e=7413

But I still don't know how to get the three (postfix + SASL + MySQL) to work
together. Hm.

I guess that I keep digging. :^)

Eric P.
Sunnyvale, CA

On Wednesday 24 March 2004 04:26 pm, Eric P. wrote:
> Hello, All:
>
> I'm using vmail (http://www.probsd.net/vmail/) to manage my virtual
> domains & mailboxes and pop-before-smtp (http://popbsmtp.sourceforge.net)
> to authenticate clients but *want* to use SASL to authenticate clients
> against vmail's MySQL tables instead.
>
> Is it possible to use SASL to authenticate using MySQL tables *simply*?
> (I've already read Lopaka K. Delp's article "Cyrus SASL 2.1.12 with MySQL
> Encrypted Passwords" -
> http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/ - but
> would like to accomplish this _without_patching_SASL_ if possible.)
>
> Eric P.
> Sunnyvale, CA

Andreas Winkelmann

Mar 25, 2004, 2:56:03 AM

On Wednesday, 24 March 2004 17:26, Eric P. wrote:

> I'm using vmail (http://www.probsd.net/vmail/) to manage my virtual
> domains & mailboxes and pop-before-smtp (http://popbsmtp.sourceforge.net)
> to authenticate clients but *want* to use SASL to authenticate clients
> against vmail's MySQL tables instead.
>
> Is it possible to use SASL to authenticate using MySQL tables *simply*?
> (I've already read Lopaka K. Delp's article "Cyrus SASL 2.1.12 with MySQL
> Encrypted Passwords" -
> http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/ - but
> would like to accomplish this _without_patching_SASL_ if possible.)

Without Patching Cyrus-SASL? How boring...

Hmm, use Cyrus-SASL 2.1.15 with saslauthd, pam and pam_mysql. Don't forget to
start saslauthd with "-n 0" because of the memory-leaks in pam(_mysql).

The newer versions 2.1.17 and 2.1.18 have the new feature cutting off the
domain-part and forgetting the realm behind saslauthd.

-- 
Andreas
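
A configuration sketch of the saslauthd + PAM + pam_mysql route suggested in the reply above, added here as an example and not taken from any poster's system. The database credentials and the database, table and column names are placeholders (vmail's actual schema is not shown in the thread), and the file locations are common defaults that vary by distribution.

```conf
# --- /etc/postfix/main.cf (Postfix side) ---
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# PLAIN/LOGIN carry the password in the clear, so offer AUTH only inside TLS
# (needs a Postfix build with TLS support).
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# --- smtpd.conf in the Cyrus SASL config directory, e.g. /usr/lib/sasl2/ ---
pwcheck_method: saslauthd
# saslauthd can only verify a plaintext password, so shared-secret
# mechanisms (CRAM-MD5, DIGEST-MD5) must not be advertised.
mech_list: plain login

# --- saslauthd start-up (command line, shown as a comment) ---
# -a pam : hand the password check to PAM
# -n 0   : fork one process per connection, as advised in the reply above
#   saslauthd -a pam -n 0

# --- /etc/pam.d/smtp ("smtp" is the service name Postfix's smtpd passes) ---
# Placeholders: DBUSER, DBPASS, maildb, users, login, password.
# crypt=1 tells pam_mysql the stored value is a crypt(3) hash.
# Per the replies in this thread, saslauthd 2.1.17/2.1.18 drops the realm,
# so the usercolumn would be matched against the local part only.
# This file holds a database password: keep it readable by root only and
# give DBUSER nothing beyond SELECT on the one table.
auth    required pam_mysql.so user=DBUSER passwd=DBPASS host=localhost db=maildb table=users usercolumn=login passwdcolumn=password crypt=1
account required pam_mysql.so user=DBUSER passwd=DBPASS host=localhost db=maildb table=users usercolumn=login passwdcolumn=password crypt=1
```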

Óscar Zovo

Mar 25, 2004, 5:39:26 AM
Eric P. wrote:

> Hello, All:
>
> I'm using vmail (http://www.probsd.net/vmail/) to manage my virtual domains &
> mailboxes and pop-before-smtp (http://popbsmtp.sourceforge.net) to
> authenticate clients but *want* to use SASL to authenticate clients against
> vmail's MySQL tables instead.
>
> Is it possible to use SASL to authenticate using MySQL tables *simply*? (I've
> already read Lopaka K. Delp's article "Cyrus SASL 2.1.12 with MySQL Encrypted
> Passwords" -
> http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/ - but
> would like to accomplish this _without_patching_SASL_ if possible.)
>

You can use authdaemond from Courier-IMAP. authdaemond supports MySQL
and encrypted passwords (both Linux MD5 and traditional crypt). With
Cyrus-SASL 2.1.18 you can have pwcheck_method: authdaemond

You only need to enable authdaemond and mysql at compile time, and have
a working authdaemond.

I use it with postfix-2.0.19-20040312 and it authenticates all users in
mysql tables and it works fine.

regards,

zovo.

--
********************************************
NEXUS - Telecomunicacoes e Servicos SARL
Rua dos Enganos Nr. 1 / 1ro andar - Kinaxixi
Tel: +244 2 336533
URL: www.nexus.ao
postm...@nexus.ao
********************************************
