Andy Thanks for the link. If you read on you will see that while PAM allows storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can then NOT be used. That's definitely as step in the wrong direction. I'm coming to the conclusion that I need understand the code well enough to add something to cyrus, but sadly I'm just too old to grok the tangle of C. I think the thread is now dead. Thanks for all contributions. Charles Bradshaw. On Mon, 2013-03-25 at 13:56 -0700, Andrew Morgan wrote: > On Sun, 24 Mar 2013, Charles Bradshaw wrote: > > > In my /etc/imapd.conf I'm using: > > > > sasl_auxprop_plugin:sql > > sasl_sql_engine:mysql > > > > I want to store MD5 hashed passwords in my database. Is this possible? > > > > I was thinking about modifying the sql plugin to MD5 the password before > > comparison, but... > > > > I'm no C programmer so understanding sql.c (the plugin source) is quite > > beyond me. It looks as though we just check for the presence of the > > password and don't actual compare passwords! Surely I'm wrong here? > > > > I could use a symmetric encryption, eg AES, and place the necessary > > decrypt in the sasl_sql_select statement, but that seems a bit pointless > > since the key is now visible in various logs. > > This could be illuminating: > > http://serverfault.com/questions/81958/postfix-sasl-mysql-use-md5-encryption > > They suggest using the pam_mysql module so that you can specify the > password storage format. > > It appears the SQL auxprop plugin only works with passwords stored in > plaintext. > > Andy ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
