Bug 456822 - check if password comes encrypted [enhanchement]
check if password comes encrypted [enhanchement]
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: cyrus-sasl (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Jan F. Chadima
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-27 15:44 EDT by Balint Cristian
Modified: 2009-09-24 05:58 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-24 05:58:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Balint Cristian 2008-07-27 15:44:44 EDT
Description of problem:
  Using cyrus-sasl-sql in conjuction with cyrus-imapd
cannot accept encrypted password fields from SQL.

http://openrisc.rdsor.ro/cyrus-sasl.spec
http://openrisc.rdsor.ro/cyrus-sasl-2.1.22-17.fc9.src.rpm

 I propose to add:
Patch32: cyrus-sasl-2.1.19-checkpw.c.patch

to enhanche password authentication.

  Not sure if upstream aceept this, but many distros pack
using this patch by default, many people wants enclrypted
password in their SQL tables.
Comment 1 Balint Cristian 2008-07-27 15:46:09 EDT
A sample config to proove fuctionality:
allowplaintext: yes
admins: cyrus cyrus@viasens.ro
servername: viasens.ro
#defaultdomain: viasens.ro
#loginrealms: viasens.ro
virtdomains: userid
configdirectory: /var/lib/imap
sievedir: /var/spool/imap/sieve
sieve_maxscriptsize: 16768
partition-default: /var/spool/imap
createonpost: yes
autocreatequota: 0
#autocreate_sieve_script: /etc/skel/sieve.dfl
unixhierarchysep: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5
sasl_password_format: crypt
password_format: crypt
sasl_sql_hostnames: localhost
sasl_sql_user: postfix
sasl_sql_passwd: magicone
sasl_sql_database: postfix
sasl_sql_select: select password from mailbox where username = '%u@%r' and 
active = '1'
sasl_sql_verbose: yes
sasl_log_level: 99


tls_ca_file: /etc/pki/cyrus-imapd/server.pem
tls_cert_file: /etc/pki/cyrus-imapd/server.pem
tls_key_file: /etc/pki/cyrus-imapd/server.pem
Comment 2 Fedora Admin XMLRPC Client 2009-05-04 04:27:02 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Jan F. Chadima 2009-09-24 05:58:22 EDT
Because this patch will break all of the non-plaintext mechanisms.  If 
we receive a patch which uses a separate property for the crypted 
password, we would probably consider including it. (see http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5683)

Note You need to log in before you can comment on or make changes to this bug.