Red Hat Bugzilla – Bug 456822
check if password comes encrypted [enhanchement]
Last modified: 2009-09-24 05:58:22 EDT
Description of problem: Using cyrus-sasl-sql in conjuction with cyrus-imapd cannot accept encrypted password fields from SQL. http://openrisc.rdsor.ro/cyrus-sasl.spec http://openrisc.rdsor.ro/cyrus-sasl-2.1.22-17.fc9.src.rpm I propose to add: Patch32: cyrus-sasl-2.1.19-checkpw.c.patch to enhanche password authentication. Not sure if upstream aceept this, but many distros pack using this patch by default, many people wants enclrypted password in their SQL tables.
A sample config to proove fuctionality: allowplaintext: yes admins: cyrus cyrus@viasens.ro servername: viasens.ro #defaultdomain: viasens.ro #loginrealms: viasens.ro virtdomains: userid configdirectory: /var/lib/imap sievedir: /var/spool/imap/sieve sieve_maxscriptsize: 16768 partition-default: /var/spool/imap createonpost: yes autocreatequota: 0 #autocreate_sieve_script: /etc/skel/sieve.dfl unixhierarchysep: yes sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sasl_sql_engine: mysql sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 sasl_password_format: crypt password_format: crypt sasl_sql_hostnames: localhost sasl_sql_user: postfix sasl_sql_passwd: magicone sasl_sql_database: postfix sasl_sql_select: select password from mailbox where username = '%u@%r' and active = '1' sasl_sql_verbose: yes sasl_log_level: 99 tls_ca_file: /etc/pki/cyrus-imapd/server.pem tls_cert_file: /etc/pki/cyrus-imapd/server.pem tls_key_file: /etc/pki/cyrus-imapd/server.pem
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Because this patch will break all of the non-plaintext mechanisms. If we receive a patch which uses a separate property for the crypted password, we would probably consider including it. (see http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5683)