* Juan Miscaro <[EMAIL PROTECTED]>: > Hi everybody, > > I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords > in a SQL backend for a while now. I am trying to switch over from > cleartext to crypt in terms of my passwords stored in MySQL. I have > things running for IMAP with crypt. For SMTP-AUTH I am using the same > SQL table and password. I thought all I would need to do is edit my > smtpd.conf file (point to the encrypted table column and specify crypt > as password format) but I'm getting > > postfix/smtpd[6085]: warning: SASL authentication failure: Password > verification failed > postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN > authentication failed: authentication failure > postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN > authentication failed: authentication failure > > Here is my smtpd.conf: > > pwcheck_method: auxprop > auxprop_plugin: sql > mech_list: PLAIN LOGIN > > #log_level: 2 > > sql_engine: mysql > sql_hostnames: localhost > sql_database: mail > sql_user: postfix > sql_passwd: yeahright > sql_select: SELECT crypt FROM virtual_users WHERE email = '[EMAIL > PROTECTED]' > sql_usessl: no > password_format: crypt > > What am I missing?
1. The so called FROST patch, which adds functionality to Cyrus SASL to have it verify crypted MySQL password. You patch, and you loose shared-secret mechanism functionality and are left to use plaintext passwords only. 2. You don't patch, but don't use the sql auxprop_plugin. Instead you configure saslauthd to use PAM and PAM to use the Mysql Plugin. Again, you gain crypted passwords and loose shared-secret mechanisms. [EMAIL PROTECTED] -- The Book of Postfix <http://www.postfix-book.com> saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
