On 29/01/10 19:00 -0800, Nybbles2Byte wrote: >I don't think I can say much more than the title. Cyrus seems to be running >well but I would like to have the password in the MySQL DB encrypted. > >Does anyone have a "best way" of implementing that? > >My only criteria is that Postfix looks up the same table for user info. so >whatever the implementation is Postfix has to be able to read/decrypt the >encrypted password as well.
There are a couple of options via saslauthd: 1) Have saslauthd use the PAM backend, and the pam_mysql module to perform password verification. 2) Have saslauthd to use the PAM backend, and use the standard pam_unix module along with an NSS mysql library which allows you to store password/shadow information in mysql. There may also be a way to authenticate against hashed auxprop attributes in the upcoming sasl 2.1.24 release, but I don't have any examples of how that will work (see the NEWS file in the 2.1.24rc1 release for more info). You should be aware that any of these methods will disallow the use of SASL security layers. You will need to use SSL/TLS or another external security mechanism to protect the transmission of passwords over the network. -- Dan White ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
