On 2006-06-27 at 19:25 +0300, Alexandru E. Ungur wrote:
> I'm having a bit of a hard time doing a migration of cyrus from this:
> anyway, on the old server it is a cyrus+saslauthd+pam+pam_mysql+mysql
> On the new server I got saslauthd working pretty much ok (I think).

Using PAM, you lose those authentication mechanisms which require a cleartext password (DIGEST-MD5, etc).

Looking on the pam-mysql website, I see that they cover this and document how to get Cyrus-SASL to work with MySQL and bypass the PAM layer; their method includes support for domains.

<URL:http://pam-mysql.sourceforge.net/Documentation/FAQ.php?seemore=y>

"
Q. I set up saslauthd (of Cyrus-SASL) to use PAM-MySQL for authentication and noticed some authentication mechanisms such as CRAM-MD5 don't work. Why?

A. CRAM-MD5 and DIGEST-MD5 are Challenge-Response authentication mechanisms (indeed CRAM is short for Challenge-Response Authentication Mechanism), plain-text passwords have to be supplied to the instance that handles authentication communication with the user (that is, the SASL client library), rather than the authenticator (the server). Therefore, it is not possible to use PAM with these mechanisms and then you need to configure Cyrus-SASL to have "SQL" auxprop plugin with MySQL support and specify "auxprop" for the preferred password checking method.

For instance, if you want to use it in conjunction with Postfix, the SASL configuration file "smtpd.conf", which is put in the Cyrus-SASL's plugin directory (or the location included in the SASL_PATH environment variable), would look like the following:

    pwcheck_method: auxprop
    mech_list: plain login cram-md5 digest-md5
    sql_engine: mysql
    sql_database: sys
    sql_user: someuser
    sql_passwd: fubar
    sql_select: SELECT password FROM users WHERE name='%u' and domain='%r';

Note that passwords should be stored in plain-text in this case.
"

To get the domain stuff working with pam_mysql, I suspect that you need to be looking at the 'where' option, putting the appropriate SQL in there; the 'where' option is mentioned at:

<URL:http://pam-mysql.sourceforge.net/Documentation/package-readme.php?seemore=y>

although no escapes are mentioned and OTTOMH I don't recall what can be done in imapd.conf for this. Sorry.

-- 
"Everything has three factors: politics, money, and the right way to do it. In that order." -- Gary Donahue

----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html