-   Linux - Server (
-   -   postfix cyrus sasl md5 problem (

xiutuo 09-11-2009 06:08 AM

postfix cyrus sasl md5 problem
mysql5 install path: /usr/local/mysql

these were installed by source ..

configure parameter:
cryus sasl:
# ./configure --bindir=/usr/bin \
--sbindir=/usr/sbin \
--includedir=/usr/include \
--enable-login --enable-plain --enable-digest --enable-cram \
--enable-sql --with-mysql=/usr/local/mysql \
# vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
auto_transition: yes
log_level: 5
sql_engine: mysql
sql_database: postfix
sql_user: root
sql_passwd: mypasswd
sql_select: SELECT password FROM mailbox WHERE name='%u' and domain='%r' and active='1'

# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
# cp /usr/local/lib/libsasl* /usr/lib/

# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include \
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl' 'AUXLIBS=-L /usr/local/mysql/lib -lmysqlclient -lz -lm \
-L/usr/local/lib -lsasl2'
# make install

and other configure file ready.,.

then i test mail system,

finally found a problem...

i configure cyrus sasl enable sql \mysql,and digest md5,
but i cant use md5 method. or got error:sasl auth fail.

on the mail client with smtp auth password i used md5 encryption as my plain password,it works,,

my question:

how to use md5 authentication mechanisms straightly.

cyus sasl need some patch or something,,,

anyone suggestion will be help me out..


estabroo 09-12-2009 06:25 PM

cyrus sasl stores the passwords in recoverable manner and not via any hashing mechanism, cram-md5 and digest-md5 are auth methods that use the password, so you can't encrypt them and then store them in the sasl db. In other words, its working as designed and you'll need to patch sasl if you want to store the password encrypted.

xiutuo 09-14-2009 04:42 AM

i got sasl patch
I read this documention.

and configure cyrus sasl

$ cd cyrus-sasl-2.1.23
$ cat ../cyrus-sasl-auxcrypt.patch | patch -p1
$ aclocal -I cmulocal -I config
$ automake
$ autoconf

$ ./configure --bindir=/usr/bin \
--sbindir=/usr/sbin \
--includedir=/usr/include \
--enable-login --enable-plain --enable-digest --enable-cram \
--enable-sql --with-mysql=/usr/local/mysql

$ make;make install


$ make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include \
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl' 'AUXLIBS=-L /usr/local/mysql/lib -lmysqlclient -lz -lm \
-L/usr/local/lib -lsasl2'

it dont work just like the first posted..

i still dont know why.....

estabroo 09-14-2009 11:30 AM

did you add the crypt method to the front of the password?

quote from that webpage:

The trick is to embed the encoding of the password to the beginning of the stored ciphertext. For example 'foobar' encoded with traditional unix crypt is '{CRYPT}I8wBo3nJ1ux.2'. The prefix is not case-sensitive.

All times are GMT -5. The time now is 11:33 PM.