hi all,
yes, i know .... 'ugh'.
i've spent seemingly countless hours googling around in circles -- well actually, in dozens of disjointed threads -- and getting oft conflicting answers/instructions from contributing authors. thanks for all the comments/help, tho! (you know who you are ...)
it was suggested that i repost the Q to the lists ... so, to limit the bouncing around again, please bear with me on cross-posting this to:
Cyrus SASL List <[EMAIL PROTECTED]>
Cyrus INFO List <[EMAIL PROTECTED]>
Web-Cyradm List <[EMAIL PROTECTED]>
this *should* (i hope) reopen a stagnant thread or two ...
to the details:
my target (on OSX 10.3.6) is:
postfix (2.1.15)
cyrus-imap (2.2.8)
cyrus-sasl (2.1.20)
mysql (4.1.7)
web-cyradm as a front-end
setup for virtual domains/accounts only.
an included goal is to enable support of all auth mechs (plain, login, gssapi, ntlm, cram-md5, digest-md5) for client connections, both with, & without, SSL/TLS encryption.
i've built all the pieces successfully, and am currently awash in trying to solve numerous authentication issues ...
to that end, here are my QUESTION(s):
(a) web-cyradm's HOWTO instructs that pam_mysql be used with SASL2 for authentication.
however, i've found
<http://groups.google.com/groups?hl=en&lr=&threadm=bvvqjf%2425rh%241%40FreeBSD.csie.NCTU.edu.tw&rnum=2&prev=/groups%3Fq%3Dpam_mysql%253A%2520MySQL%2520err%2520Access%2520denied%2520for%2520user%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg>
" >or if the problem is in sasl2, pam_mysql.so or mysql itself.
SASL - pam_mysql
SASL2 - auxprop_mysql
choose either one, but do not mix them."
but, i can find no further reference/documentation on the issue.
#############
## QUESTION
does, IN FACT, the use of SASL2 preclude the use of pam_mysql?

(b) as i'm migrating TO a cyrus IMAP/SASL based setup from commercial-ware, i'm 'used to' seeing full support for all of the multiple auth mechs.
i've learned that there's an 'issue' (problem?) of Cyrus' "lack of native support for encrypted pwds in MySQL" which prevents one from using the secret-based auth mechs via saslauthd ...
there are patches around (all of? some of?) this problem:
cref: <http://brunny.com/content/view/12/0/>
and 'authdaemond' from courier-imap seems to be an alternative:
cref: <http://groups.google.com/groups?hl=en&lr=&threadm=c3ucsu%24a12%241%40FreeBSD.csie.NCTU.edu.tw&rnum=21&prev=/groups%3Fq%3Dsasl%2Bcyrus%2Bcrypt%2Bmysql%26hl%3Den%26lr%3D%26start%3D20%26sa%3DN>
but, of course, the goal is to get THIS system working, rather than 'abandoning ship'.
to THAT end, for the moment, i've settled on (still working on it ... ):
(1) patch to web-cyradm: <http://www.shaolinux.org/web-cyradm-0.5.4.new.diff>
    cref discussion thread @: http://www.web-cyradm.org/pipermail/web-cyradm/2004-April/017305.html
    cd /var/DarkMatter/WebTools
(2) patch to cyrus-sasl: <http://frost.ath.cx/software/cyrus-sasl-patches/>
(3) modify web-cyradm install's imapd.conf & smtpd.conf to use sasl auxprop's sql/mysql plugin, rather than pam_mysql

#############
## QUESTION(s)
(i) is this, IN FACT, a 'problem'/missing functionality in Cyrus?
(ii) is it planned to be addressed/fixed anytime soon? (it's been implied that it requires a 'major rewrite' ...)?
(iii) what specifically would need to be fixed/changed in SASL?

NOTE: i've heard from the maintainers that this is 'not on the top of their priority list' ... but that a discussion here might instigate a patch ...
i appreciate any/all insights, direction and look forward to the discussion -- and 'closure'!
cheers,
richard
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
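
The limitation raised in (b), shown as an added example that is not part of the original post and is not Cyrus or web-cyradm code: a shared-secret mechanism such as CRAM-MD5 (RFC 2195) keys an HMAC with the password itself, so a server holding only a one-way hash of the password cannot check the response, while PLAIN/LOGIN can still be verified by re-hashing. The PBKDF2 column, the account name, the password and the challenge are constructed stand-ins for illustration.

```python
import hashlib
import hmac


def cram_md5_response(user, password, challenge):
    """Client side of CRAM-MD5: HMAC-MD5 over the challenge, keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def verify_cram_md5(stored_secret, challenge, response):
    """Server side: recompute the HMAC with whatever the password column holds."""
    _user, digest = response.rsplit(" ", 1)
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def hash_password(password, salt):
    """One-way hashed password column (constructed stand-in, not a Cyrus format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def verify_plain(stored_hash, salt, presented_password):
    """PLAIN/LOGIN: the client sends the password, so the server re-hashes and compares."""
    return hmac.compare_digest(hash_password(presented_password, salt), stored_hash)


def demo():
    # Constructed sample values, not taken from the post.
    password = "s3cret-example"
    challenge = b"<1896.697170952@mail.example.org>"
    salt = b"constructed-salt"
    hashed_store = hash_password(password, salt)
    response = cram_md5_response("user@example.org", password, challenge)
    return {
        # Cleartext column: the server can recompute the client's HMAC.
        "cram_with_cleartext_store": verify_cram_md5(password, challenge, response),
        # Hashed column: the server's key differs from the client's, so it never matches.
        "cram_with_hashed_store": verify_cram_md5(hashed_store, challenge, response),
        # Hashed column still works when the password itself is presented.
        "plain_with_hashed_store": verify_plain(hashed_store, salt, password),
        "plain_wrong_password": verify_plain(hashed_store, salt, "wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The trade-off this makes visible: supporting the challenge-response mechs means keeping cleartext (or cleartext-equivalent) secrets in the database, so access to that table has to be restricted accordingly.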