Bug 456822

Summary: check if password comes encrypted [enhanchement]
Product: [Fedora] Fedora Reporter: Balint Cristian <cristian.balint>
Component: cyrus-saslAssignee: Jan F. Chadima <jchadima>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideKeywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-24 09:58:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Balint Cristian 2008-07-27 19:44:44 UTC 
Description of problem:
  Using cyrus-sasl-sql in conjuction with cyrus-imapd
cannot accept encrypted password fields from SQL.

http://openrisc.rdsor.ro/cyrus-sasl.spec
http://openrisc.rdsor.ro/cyrus-sasl-2.1.22-17.fc9.src.rpm

 I propose to add:
Patch32: cyrus-sasl-2.1.19-checkpw.c.patch

to enhanche password authentication.

  Not sure if upstream aceept this, but many distros pack
using this patch by default, many people wants enclrypted
password in their SQL tables.
Comment 1 Balint Cristian 2008-07-27 19:46:09 UTC 
A sample config to proove fuctionality:
allowplaintext: yes
admins: cyrus cyrus
servername: viasens.ro
#defaultdomain: viasens.ro
#loginrealms: viasens.ro
virtdomains: userid
configdirectory: /var/lib/imap
sievedir: /var/spool/imap/sieve
sieve_maxscriptsize: 16768
partition-default: /var/spool/imap
createonpost: yes
autocreatequota: 0
#autocreate_sieve_script: /etc/skel/sieve.dfl
unixhierarchysep: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5
sasl_password_format: crypt
password_format: crypt
sasl_sql_hostnames: localhost
sasl_sql_user: postfix
sasl_sql_passwd: magicone
sasl_sql_database: postfix
sasl_sql_select: select password from mailbox where username = '%u@%r' and 
active = '1'
sasl_sql_verbose: yes
sasl_log_level: 99


tls_ca_file: /etc/pki/cyrus-imapd/server.pem
tls_cert_file: /etc/pki/cyrus-imapd/server.pem
tls_key_file: /etc/pki/cyrus-imapd/server.pem
Comment 2 Fedora Admin XMLRPC Client 2009-05-04 08:27:02 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Jan F. Chadima 2009-09-24 09:58:22 UTC 
Because this patch will break all of the non-plaintext mechanisms.  If 
we receive a patch which uses a separate property for the crypted 
password, we would probably consider including it. (see http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5683)