Bug 456822 - check if password comes encrypted [enhanchement]
Summary: check if password comes encrypted [enhanchement]
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-sasl
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Jan F. Chadima
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-27 19:44 UTC by Balint Cristian
Modified: 2009-09-24 09:58 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-09-24 09:58:22 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Balint Cristian 2008-07-27 19:44:44 UTC
Description of problem:
  Using cyrus-sasl-sql in conjuction with cyrus-imapd
cannot accept encrypted password fields from SQL.

http://openrisc.rdsor.ro/cyrus-sasl.spec
http://openrisc.rdsor.ro/cyrus-sasl-2.1.22-17.fc9.src.rpm

 I propose to add:
Patch32: cyrus-sasl-2.1.19-checkpw.c.patch

to enhanche password authentication.

  Not sure if upstream aceept this, but many distros pack
using this patch by default, many people wants enclrypted
password in their SQL tables.

Comment 1 Balint Cristian 2008-07-27 19:46:09 UTC
A sample config to proove fuctionality:
allowplaintext: yes
admins: cyrus cyrus
servername: viasens.ro
#defaultdomain: viasens.ro
#loginrealms: viasens.ro
virtdomains: userid
configdirectory: /var/lib/imap
sievedir: /var/spool/imap/sieve
sieve_maxscriptsize: 16768
partition-default: /var/spool/imap
createonpost: yes
autocreatequota: 0
#autocreate_sieve_script: /etc/skel/sieve.dfl
unixhierarchysep: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_sql_engine: mysql
sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5
sasl_password_format: crypt
password_format: crypt
sasl_sql_hostnames: localhost
sasl_sql_user: postfix
sasl_sql_passwd: magicone
sasl_sql_database: postfix
sasl_sql_select: select password from mailbox where username = '%u@%r' and 
active = '1'
sasl_sql_verbose: yes
sasl_log_level: 99


tls_ca_file: /etc/pki/cyrus-imapd/server.pem
tls_cert_file: /etc/pki/cyrus-imapd/server.pem
tls_key_file: /etc/pki/cyrus-imapd/server.pem

Comment 2 Fedora Admin XMLRPC Client 2009-05-04 08:27:02 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Jan F. Chadima 2009-09-24 09:58:22 UTC
Because this patch will break all of the non-plaintext mechanisms.  If 
we receive a patch which uses a separate property for the crypted 
password, we would probably consider including it. (see http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5683)


Note You need to log in before you can comment on or make changes to this bug.