Patrick Ben Koetter wrote:
> * David van Geest <davidv@xxxxxxxxxxxxx>:
>> Hi All,
>>
>> I'm working on getting Postfix to authenticate SMTP users from a MySQL
>> DB which stores encrypted passwords. Various how-to's recommend
>> cyrus-sasl, but it seems that to use it for encrypted passwords you need
>> the checkpw.c+sql.c patch. The only version of this patch I can find
>> (http://pieps.org/cyrus/dist/2.1.19/) is for cyrus-sasl-2.1.19. Has the
>> patch been merged into later versions of cyrus-sasl, or do I need to use
>> 2.1.19?
>
> The/any patch breaks shared-secret mechanisms, which require plaintext
> passwords.
>
>> Also if anyone has pointers on getting this going, I'd be happy to hear
>> them.
>
> No need to patch.
>
> Use saslauthd -> PAM -> pam:mysql -> MySQL(crypted passwords)
>
> p@rick

Thanks Patrick! I'm attempting what you suggest using pam:mysql. My
/etc/pam.d/smtp.postfix looks like this:

    auth optional pam_mysql.so user=<mysql_username> \
        passwd=<mysql_pw> host=host.domain db=<db_name> table=<user_table> \
        usercolumn=<user_column> passwdcolumn=<user_pass_column> crypt=1
    account required pam_mysql.so user=<mysql_username> \
        passwd=<mysql_pw> host=host.domain db=<db_name> table=<user_table> \
        usercolumn=<user_column> passwdcolumn=<user_pass_column> crypt=1

A follow-up question: how does this work when using a salt? The DB
admin wants to store the password hash and password salt in separate
columns in MySQL, so it seems like I would need to add another option in
the above lines to specify the salt column, so the salt value can be
used with crypt().
-David
<http://www.spindance.com>
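
The limit Patrick mentions for shared-secret mechanisms also holds for the saslauthd chain he recommends: saslauthd can only check a password the client actually sends, so only PLAIN and LOGIN can work with it. The following check is an added example, not code from the thread or from Cyrus SASL; the function names and sample configs are constructed, and it assumes the usual `key: value` smtpd.conf syntax.

```python
# Added example: lint a Cyrus SASL smtpd.conf intended for
# saslauthd -> PAM -> pam_mysql. Function names are hypothetical.

# Mechanisms where the client transmits the password itself, so saslauthd
# (and PAM behind it) can compare it against a stored crypt() hash.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_sasl_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def lint_saslauthd_conf(text):
    """Return a list of findings; an empty list means the config fits the chain."""
    opts = parse_sasl_conf(text)
    findings = []
    if "saslauthd" not in opts.get("pwcheck_method", "").split():
        findings.append("pwcheck_method does not include saslauthd")
    if "mech_list" not in opts:
        # Without mech_list every installed mechanism is advertised, and a
        # client may pick one that saslauthd cannot verify.
        findings.append("mech_list not set: every installed mechanism is offered")
        return findings
    for mech in opts["mech_list"].upper().split():
        if mech not in PLAINTEXT_MECHS:
            findings.append(f"{mech} cannot be verified through saslauthd")
    return findings


# Constructed sample configs.
GOOD_CONF = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n"
BAD_CONF = ("# constructed sample\n"
            "pwcheck_method: saslauthd\n"
            "mech_list: plain login cram-md5 digest-md5\n")
NO_LIST_CONF = "pwcheck_method: saslauthd\n"

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF), ("no list", NO_LIST_CONF)):
        print(name, lint_saslauthd_conf(conf))
```

Because PLAIN and LOGIN put the password on the wire, this setup is normally paired with TLS on the submission path, for example Postfix's `smtpd_tls_auth_only = yes`.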