Re: MD5-encrypted passwords in a SASL-SQL-database

Haakon wrote:
>
> > We're about to migrate a server from Courier-IMAP to Cyrus-IMAP. The
> > Courier-server authenticates via authdaemond to a MySQL-server, and the
> > passwords in the MySQL-server are MD5-encrypted.
> >
> > I can not get authentication to work with Cyrus and SASL (with the SQL
> > auxprop-plugin) with the encrypted passwords, only when the passwords
> > are in plaintext. The question is, is there something I've not
> > understood in how to configure Cyrus/SASL, or does the SQL
> > auxprop-plugin require all the passwords to be in plaintext?
> >
> > If it is not possible to have MD5-encrypted passwords, does anyone have
> > any suggestions what we could do instead? Authenticate against Courier's
> > authdaemond, perhaps?

If your operating system supports MD5 encryption of the system account
passwords (as the *BSDs all do) then you could always just use system
accounts (and thus just use the built-in "saslauthd -a getpwent"
mechanism).  If you have lots of accounts then you'll want to automate
the system account management of course, but that's not hard to do with
a small script in any language that will do SQL queries against your
database.

I currently do that with DES-encrypted passwords stored in PostgreSQL
using a little Python script to manage /etc/master.passwd et al.  Right
now it runs from cron every half hour, but with a slightly better
database design one could use SQL triggers to push changes to a little
daemon that did smarter updates in near real time.

I for one would never ever even consider using any system that required
me to store any authentication key in clear text!

-- 
						Greg A. Woods

H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@xxxxxxxxxxx>
Planix, Inc. <woods@xxxxxxxxxx>       Secrets of the Weird <woods@xxxxxxxxx>
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
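
The sync approach described in the reply above, sketched as an added example (this is not the poster's script or any Cyrus project code). It assumes a hypothetical `users` table, MD5-crypt (`$1$`) hashes, a 1000-59999 uid range and `/sbin/nologin` as the shell; sqlite3 stands in for the real SQL server, and installing the generated file (for example with pwd_mkdb) is left out.

```python
import re
import sqlite3

# MD5-crypt as produced by crypt(3): $1$<salt, up to 8 chars>$<22-char hash>
MD5_CRYPT = re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")
USERNAME = re.compile(r"[a-z_][a-z0-9_-]{0,30}")

def master_passwd_line(name, pw_hash, uid, home):
    """Return one master.passwd line, or raise ValueError on unsafe input."""
    if not USERNAME.fullmatch(name):
        raise ValueError(f"bad username {name!r}")
    if not MD5_CRYPT.fullmatch(pw_hash):
        # Cleartext, raw hex MD5 or a truncated hash must never reach the file.
        raise ValueError(f"{name}: password is not an MD5-crypt hash")
    if not (isinstance(uid, int) and 1000 <= uid < 60000):
        raise ValueError(f"{name}: uid {uid!r} outside mail-user range")
    if any(c in home for c in ":\n") or not home.startswith("/"):
        # A ':' or newline in a database value would forge extra passwd fields.
        raise ValueError(f"{name}: bad home directory")
    # name:password:uid:gid:class:change:expire:gecos:home_dir:shell
    return f"{name}:{pw_hash}:{uid}:{uid}::0:0:Mail user:{home}:/sbin/nologin"

def sync(conn):
    """Build passwd lines from the users table; return (lines, rejected)."""
    lines, rejected = [], []
    query = "SELECT name, pw_hash, uid, home FROM users ORDER BY uid"
    for row in conn.execute(query):
        try:
            lines.append(master_passwd_line(*row))
        except ValueError as err:
            rejected.append(str(err))
    return lines, rejected

def demo():
    # Constructed sample data, not taken from any real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, uid INT, home TEXT)")
    conn.executemany("INSERT INTO users VALUES (?,?,?,?)", [
        ("alice", "$1$abcdefgh$" + "A" * 22, 1001, "/home/alice"),
        ("bob", "hunter2", 1002, "/home/bob"),                      # cleartext
        ("carol", "$1$abcdefgh$" + "B" * 22, 1003, "/home/c:0:0"),  # field injection
    ])
    return sync(conn)

if __name__ == "__main__":
    lines, rejected = demo()
    print("\n".join(lines))
    print("rejected:", rejected)
```

Rejected rows are reported rather than written, so a cleartext or malformed password column shows up in the sync job's output instead of in the account file.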
