* Mike Erdely <mike@xxxxxxxxxxxxx>:
> I'm sorry if this is a FAQ, but I haven't found an answer to this.
>
> I'd like to use cyrus-sasl with mysql and sendmail to do SMTP_AUTH. I'd
> like to store my passwords encrypted in my db. Out of the box,
> cyrus-sasl doesn't seem to support this, but with the patch here:
> http://frost.ath.cx/software/cyrus-sasl-patches/
> Things work as expected.
>
> FYI: I'm using cyrus-sasl-2.1.21p4-mysql on OpenBSD 4.1.
>
> Am I missing something? Is there a reason this functionality is not in
> cyrus-sasl?

If you want to offer/use shared-secret mechanisms, then you have to store the passwords unencrypted - the way shared-secret mechanisms work requires this. This is intended behaviour in Cyrus SASL and that's why the frost patch doesn't ship with the Cyrus SASL sources.

If you apply the frost patch, Cyrus SASL loses the ability to process shared-secret mechanisms in combination with MySQL as authentication backend. The gain over the loss is that you can store the passwords encrypted.

People who want to store and use crypted passwords in a MySQL DB probably have an easier life if they just use saslauthd as Cyrus SASL password verification service and let saslauthd hand the authentication over to PAM (saslauthd -a pam ...). Then in PAM use the pam_mysql plugin and let it authenticate against crypted passwords. You get the same, but you don't need to patch Cyrus SASL.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
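
The distinction drawn in the reply above, as an added example that is not part of the mailing-list message or of Cyrus SASL: a CRAM-MD5 verifier (RFC 2195) must key an HMAC with the secret itself, while a PLAIN verifier (RFC 4616) can re-hash the submitted password and compare. The user, password, salt and challenge are constructed, and PBKDF2 stands in here for whatever crypt-style hash the database would hold.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000  # assumption: cost chosen for this demo only


def hash_password(password: bytes, salt: bytes) -> bytes:
    """One-way hash as it would sit in the DB (PBKDF2 as a stand-in for crypt)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def cram_md5_response(user: bytes, password: bytes, challenge: bytes) -> bytes:
    """Client side: 'user SP hex(HMAC-MD5(key=password, msg=challenge))', base64."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest().encode()
    return base64.b64encode(user + b" " + digest)


def verify_cram_md5(stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the HMAC, which needs the client's key as stored."""
    _user, _, digest = base64.b64decode(response).rpartition(b" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest().encode()
    return hmac.compare_digest(expected, digest)


def verify_plain(stored_hash: bytes, salt: bytes, response: bytes) -> bool:
    """Server side: PLAIN carries 'authzid NUL authcid NUL passwd'; hash and compare."""
    _authzid, _authcid, passwd = base64.b64decode(response).split(b"\0", 2)
    return hmac.compare_digest(hash_password(passwd, salt), stored_hash)


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, password, salt = b"mike", b"s3cret-constructed", b"constructed-salt"
    challenge = b"<1896.697170952@mail.example.org>"
    stored_hash = hash_password(password, salt)
    cram = cram_md5_response(user, password, challenge)
    plain = base64.b64encode(b"\0" + user + b"\0" + password)
    return {
        "cram_md5_with_plaintext": verify_cram_md5(password, challenge, cram),
        "cram_md5_with_hash_only": verify_cram_md5(stored_hash, challenge, cram),
        "plain_with_hash_only": verify_plain(stored_hash, salt, plain),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

With only the hash on file the server cannot reproduce the client's HMAC, so the CRAM-MD5 check fails even for the correct password; PLAIN succeeds because the password itself crosses the wire, which is why it is normally paired with TLS.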