Re: MD5 Passwords in MySql?
Thanks Guys I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually exclusive with hashed passwords. D'oh! I think I even posted that fact in answer to a previous thread. On Mon, 2013-03-25 at 21:09 -0400, Adam Tauno Williams wrote: On Mon, 2013-03-25 at 17:03 -0500, Scott Lambert wrote: On Mon, Mar 25, 2013 at 09:32:16PM +, Charles Bradshaw wrote: Andy Thanks for the link. If you read on you will see that while PAM allows storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can then NOT be used. That's definitely as step in the wrong direction. I'm coming to the conclusion that I need understand the code well enough to add something to cyrus, but sadly I'm just too old to grok the tangle of C. Basically, Digest-MD5 and CRAM-MD5 avoid passing the cleartext password across the wire by hashing something with the cleartext password. These authentication methods require that the cleartext password be known (or at least recoverable) by the server and the client. Yep, which was pointed out originally. If the cred store is encrypted it needs to be a two-way crypt [can be decrypted]. So you basically have a crypted filesystem store anyway. Therefore, the server cannot be using a non-reversible hash of the password for its password store. You can store cleartext passwords in your password database and avoid passing passwords in cleartext across the wire. OR You can store hashed passwords in your password database and pass cleartext passwords over the wire, hopefully inside an SSL/TLS connection. +1 If you use crypted MD5 hashed passords in your database, you will have to disable Digest-MD5 and CRAM-MD5 in your SASL auth mechanisms. My system is not running in that configuration so I am not certain that you can tell saslauthd to use a mysql database for encrypted password storage. I use saslauthd to a PostgreSQL database that stores crypted passwords - but it can only do PLAIN/LOGIN in that configuration, none of the newer mechs that all the cool kids are using. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MD5 Passwords in MySql?
On Tue, 2013-03-26 at 10:17 +, Charles Bradshaw wrote: Thanks Guys I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually exclusive with hashed passwords. D'oh! I think I even posted that fact in answer to a previous thread. No problem, it happens to us all. Yesterday I posted two messages to lists relating to issues that as soon as I posted them I found the answers right there in the documentation. Right there! I swear I had already looked twice. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: DBERROR error fetching user.toto cyrusdb error
On 03/26/2013 04:15 PM, Sabine GOUDARD wrote: Hello, Last Saturday, my database shutdown I restart my server, a checkdisk was done and all was ok but only one mailbox was corrupted I could open the mailbox, but I couldn't delete mail etc etc ... All message for this mailbox were suspended with I/O Error I managed to save /var/spool/cyrus/t/user/toto Cyrus restarted without any error I created user.toto with cyradm and sam user.toto cyrus all When I try to set quota I have setquota : System I/O error Hi, check file system rights on: - /var/lib/cyrus/quota/t/*toto* - /var/lib/cyrus/user/t/toto* - /var/spool/cyrus/t/user/toto/* Anthony If I try to acess to mailbox I have DBERROR error fetching user.toto cyrusdb error in syslog But all the other boxes work without any error What can I do ? have you got any idea about how to solve this problem ? I never had these errors and i'm afraid to broken more ... I'm confused about the state of my database and i have no idea about how to solve this problem Cyrus 2.2 * **Sabine Goudard* Service Informatique et Multimédia Tél : 04 77 42 37 20 *Ecole Nationale Supérieure d’Architecture de Saint-Étienne* 1, rue Buisson BP 94 42003 Saint-Étienne Cedex 1 Fax : 04 77 42 35 40 http://www.st-etienne.archi.fr Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus