[imp] Authentication against MySQL Database

Darron Froese darron@froese.org
Fri, 08 Dec 2000 10:51:25 -0700


On 12/8/00 2:57 AM, "Adi Sieker" <adi-ml@living-source.com> wrote:

> Why do that with pam_mysql?

Because otherwise you have to rely on using a patched version of Cyrus sasl
that wasn't upgraded for quite some time. Those patches have been recently
upgraded.

They're here:

<http://www.surf.org.uk/patches/sasl-1.5.24-ldap-mysql-patch.tgz>

At the time when I deployed the 2 systems that I have running pam_mysql, the
patches you're referring to were for an old Cyrus SASL that had known
security issues.

That's all.

I like the flexibility of tying a clean/non-patched version of Cyrus SASL to
PAM directly - then I have the flexibility of PAM to use as well.

Then I'm not dependant upon patches which may or may not be updated (in a
timely fashion or at all) and I don't have to skill to update them myself.

> I just installed a box with
> cyrus, imp, mysql,apache current stable versions.
> All you the need todo is setup cyrus to use sasl.
> Then add the file Cyrus.conf in /usr/local/lib/sasl/
> Where Cyrus.conf looks like this:
> 
> pwcheck_method: mysql
> mysql_user: <name>
> mysql_passwd: <pasword>
> mysql_host: localhost
> mysql_database: <dbname>
> mysql_table: <tablename>
> mysql_uidcol: <uidcolumn>
> mysql_pwdcol: <passwordcolum>
> The password column expects a plaintext password.
> 
> You will still have to create the users mailboxes with cyradm.
> 
> Tschau
>  Adi
> P.S.: The my<sql user has to have a password otherwise sasl segfaults.

-- 
Darron
darron@froese.org