On Sun, 2013-03-24 at 14:21 +0000, Charles Bradshaw wrote: > In my /etc/imapd.conf I'm using: > sasl_auxprop_plugin:sql > sasl_sql_engine:mysql > I want to store MD5 hashed passwords in my database. Is this possible? I would *assume* that the database doesn't much care about the hashing/encoding of the password/secret - I'd *assume* it just stores and retrieves it. Concerns for the validity of the secret are up-the-stack, is SASL proper, and not in the storage plugin. I could be wrong; I've mostly dealt with storing credentials in LDAP. > I was thinking about modifying the sql plugin to MD5 the password before > comparison, but... That seems wrong to me. Can't you just tell SASL via configuration that you want to use MD5? > I'm no C programmer so understanding sql.c (the plugin source) is quite > beyond me. It looks as though we just check for the presence of the > password and don't actual compare passwords! Surely I'm wrong here? That is what I would *assume* it does. And correctly. > I could use a symmetric encryption, eg AES, and place the necessary > decrypt in the sasl_sql_select statement, but that seems a bit pointless > since the key is now visible in various logs. That seems very wrong to me. I wonder why you care are credentials are stored; is SASL authentication not working? ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
