On Sun, 24 Mar 2013, Charles Bradshaw wrote: > In my /etc/imapd.conf I'm using: > > sasl_auxprop_plugin:sql > sasl_sql_engine:mysql > > I want to store MD5 hashed passwords in my database. Is this possible? > > I was thinking about modifying the sql plugin to MD5 the password before > comparison, but... > > I'm no C programmer so understanding sql.c (the plugin source) is quite > beyond me. It looks as though we just check for the presence of the > password and don't actual compare passwords! Surely I'm wrong here? > > I could use a symmetric encryption, eg AES, and place the necessary > decrypt in the sasl_sql_select statement, but that seems a bit pointless > since the key is now visible in various logs. This could be illuminating: http://serverfault.com/questions/81958/postfix-sasl-mysql-use-md5-encryption They suggest using the pam_mysql module so that you can specify the password storage format. It appears the SQL auxprop plugin only works with passwords stored in plaintext. Andy ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
