hi all,

yes, i know .... 'ugh'.

i've spent seemingly countless hours googling around in circles -- well 
actually, in dozens of disjointed threads -- and getting oft conflicting 
answers/instructions from contributing authors.  thanks for all the 
comments/help, tho! (you know who you are ...)

it was suggested that i repost the Q to the lists ... so, to limit the bouncing 
around again, please bear with me on cross-posting this to:

      Cyrus SASL List <[EMAIL PROTECTED]>
      Cyrus INFO List <[EMAIL PROTECTED]>
      Web-Cyradm List <[EMAIL PROTECTED]>

this *should* (i hope) reopen a stagnant thread or two ...

to the details:

my target (on OSX 10.3.6) is:

      postfix (2.1.15)
      cyrus-imap (2.2.8)
      cyrus-sasl (2.1.20)
      mysql (4.1.7)
      web-cyradm as a front-end

setup for virtual domains/accounts only.

an included goal is to enable support of all auth mechs (plain, login, gssapi, 
ntlm, cram-md5, digest-md5) for client connections, both with, & without, 
SSL/TLS encryption.

i've built all the pieces successfully, and am currently awash in trying to 
solve numerous authentication issues ...

to that end, here are my QUESTION(s):

(a) web-cyradm's HOWTO instructs that pam_mysql be used with SASL2 for 
authentication.

   however, i've found

   
<http://groups.google.com/groups?hl=en&lr=&threadm=bvvqjf%2425rh%241%40FreeBSD.csie.NCTU.edu.tw&rnum=2&prev=/groups%3Fq%3Dpam_mysql%253A%2520MySQL%2520err%2520Access%2520denied%2520for%2520user%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg>

           " >or if the problem is in sasl2, pam_mysql.so or mysql itself.

                SASL - pam_mysql
                SASL2 - auxprop_mysql
                choose either one, but do not mix them."

   but, i can find no further reference/documentation on the issue.

   #############
   ## QUESTION
       does, IN FACT, the use of SASL2 preclude the use of pam_mysql?

(b) as i'm migrating TO a cyrus IMAP/SASL based from commercial-ware,
   i'm 'used to' seeing full support for all of the multiple auth mechs

   i've learned that there's an 'issue' (problem?) of Cyrus' "lack of native support
   for encrypted pwds in MySQL" which prevents one from using the secret-based
   auth mechs via saslauthd ...

   there are patches around (all of? some of?) this problem:

      cref: <http://brunny.com/content/view/12/0/>

   and 'authdaemond' from courier-imap seems to be an alternative:

      cref: <http://groups.google.com/groups?hl=en&lr=&threadm=c3ucsu%24a12%241%40FreeBSD.csie.NCTU.edu.tw&rnum=21&prev=/groups%3Fq%3Dsasl%2Bcyrus%2Bcrypt%2Bmysql%26hl%3Den%26lr%3D%26start%3D20%26sa%3DN>

   but, of course, the goal is to get THIS system working, rather than
   'abandoning ship'.

   to THAT end, for the moment, i've settled on (still working on it ... ):
   (1) patch to web-cyradm: <http://www.shaolinux.org/web-cyradm-0.5.4.new.diff>
        cref discussion thread @:
           http://www.web-cyradm.org/pipermail/web-cyradm/2004-April/017305.html
cd /var/DarkMatter/WebTools
   (2) patch to cyrus-sasl: <http://frost.ath.cx/software/cyrus-sasl-patches/>
   (3) modify web-cyradm install's imapd.conf & smtpd.conf to use sasl auxprop's
       sql/mysql plugin, rather than pam_mysql

   #############
   ## QUESTION(s)
      (i) is this, IN FACT, a 'problem'/missing functionality in Cyrus?
      (ii) is it planned to be addressed/fixed anytime soon?
           (it's been implied that it requires a 'major rewrite' ...)?
      (iii) what specifically would need to be fixed/changed in SASL?

      NOTE: i've heard from the maintainers that this is 'not on the top
            of their priority list ... but that a discussion here might instigate
            a patch ...

i appreciate any/all insights, direction and look forward to the discussion -- 
and 'closure'!

cheers,

richard

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
