In my /etc/imapd.conf I'm using: sasl_auxprop_plugin:sql sasl_sql_engine:mysql
I want to store MD5 hashed passwords in my database. Is this possible? I was thinking about modifying the sql plugin to MD5 the password before comparison, but... I'm no C programmer so understanding sql.c (the plugin source) is quite beyond me. It looks as though we just check for the presence of the password and don't actual compare passwords! Surely I'm wrong here? I could use a symmetric encryption, eg AES, and place the necessary decrypt in the sasl_sql_select statement, but that seems a bit pointless since the key is now visible in various logs. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
