Guillermo Gómez wrote: > Ive been looking on how to work cyrus imap with mysql and found two options: > > cyrus pam with pam_mysql > cyrus sasl sql plugin > > In the first one it look like the store can have the password encrypted MD5 > The second one needs the passwords in the clear in the db > > customer says they have a mysql db with md5 passwords in it. > > Im still confused on how this should work, can anyone please give me > some insights on this regard pam_mysql would correlate to saslauthd, and the cyrus sasl plugin would correlate to auxprop. See documentation on the SASL pwcheck_method setting (sasl_pwcheck_method in /etc/imapd.conf). When set to saslauthd, the pwcheck_method will allow the use of the PLAIN and LOGIN mechanisms, and will pass the username and password from the client on to PAM. PAM can internally hash the password and compare it against an already md5/crypted password. When set to auxprop, SASL will retrieve the cleartext password and use it to compare (in the case of PLAIN and LOGIN), or to use in multi-step negotiation of other mechanisms, such as DIGEST-MD5. The auxprop plugin gives you the ability to authenticate using the PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5, NTLM and OTP mechs (and probably more). saslauthd only gives you the ability to authenticate using PLAIN and LOGIN (I believe), which may or may not be sufficient for you. - Dan ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
