Re: SASL 2.1.17 with auxprop to Myqsl

From: Andreas Winkelmann (ml at awinkelmann dot de)
Date: Thu Mar 11 2004 - 14:56:05 EST


    On Thursday, 11 March 2004 20:09, dwt wrote:

    > I spent quite a bit of time digging through the archives.. 3 hours
    > to be exact. I saw a couple similar requests, yet didn't see one of them
    > get answered. I'm hoping this one has better luck.
    >
    > Smtpd.conf:
    > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    >
    > pwcheck_method: auxprop
    > auxprop_plugin: sql
    > sql_engine: mysql
    > mech_list: plain login
    >
    > sql_user: removed
    > sql_passwd: removed
    > sql_hostnames: localhost
    > sql_database: postfix
    > sql_statement: select Password from users where username='%u';
    > sql_verbose: true
    >
    > ---------------------------------
    >
    > This setup works fine with one domain. Not a single glitch ever.
    > Regardless of how frustrating SASL may be to configure and compile, I have
    > to give it a gold star on reliability. But now I've run into a problem. I'm
    > building a massive server to support multiple domains: Courier IMAP,
    > Postfix, and Mysql as an authentication module on all ends with Cyrus SASL
    > for the outbound authentication. All users for all domains are stored in
    > our one database table, "users".
    > So in this instance we have janedoe at domain1 dot com with password
    > pickles and janedoe at domain2 dot com with password plums. The problem we've
    > found is, when SASL hits up the database to authenticate the user, it finds
    > the first entry and then stops. So when janedoe at domain2 dot com tries to send
    > mail, with her password plums, SASL looks through the database for janedoe
    > and sees the password as pickles and thus rejects the authentication

    I think I don't understand you. You have a table:

    user | password
    -------------------------------------------------
    janedoe at domain1 dot com | pickles
    janedoe at domain2 dot com | plums

    And you query/select the table for "janedoe at domain2 dot com", please tell me why
    the rdbms returns the value "pickles"?

    > attempt. The solution is to make a statement that looks for the password
    > and the username and then compares the two with the authentication attempt
    > such as:
    >
    > Select username from users where password='%p' and username='%u';
    >
    > I know %p doesn't give me what I want... but I was hoping there was
    > some way I could make it what I want since according to some documentation
    > I read, %p can "technically be anything".

    How should this work? The sense of the query is to receive the password from
    the table, how should this be inserted in the query? And why?

    -- 
    	Andreas
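
An added example, not part of either message and not Cyrus SASL code: a Python model of the lookup the reply describes, in which the statement only fetches the stored password for the expanded identity and the comparison with the client's password happens afterwards. sqlite3 stands in for MySQL; the split of the login at '@' into %u and %r, the `%u@%r` variant and the `like` statement are assumptions made for illustration.

```python
import hmac
import re
import sqlite3

# Constructed sample rows taken from the table in the reply; sqlite3 stands in for MySQL.
ROWS = [("janedoe@domain1.com", "pickles"), ("janedoe@domain2.com", "plums")]

T_USER = "select Password from users where username='%u'"          # statement from the post
T_FULL = "select Password from users where username='%u@%r'"       # assumed variant using %r
T_LOOSE = "select Password from users where username like '%u@%'"  # constructed: ignores domain


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, Password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db


def fetch_secrets(db, template, login, default_realm="localhost"):
    """Expand %u/%r from the login only and return the stored secrets that match."""
    user, _, realm = login.partition("@")  # assumption: login is split at '@'
    realm = realm or default_realm
    params = []

    def bind(match):
        # Each quoted literal becomes a bound parameter instead of pasted SQL text.
        params.append(match.group(1).replace("%u", user).replace("%r", realm))
        return "?"

    sql = re.sub(r"'([^']*)'", bind, template)
    return [row[0] for row in db.execute(sql, params)]


def authenticate(db, template, login, password):
    """The lookup never sees the client's password; comparison happens afterwards."""
    secrets = fetch_secrets(db, template, login)
    # This model uses only the first row, so the statement must identify one user.
    return bool(secrets) and hmac.compare_digest(secrets[0].encode(), password.encode())


if __name__ == "__main__":
    db = make_db()
    for template in (T_USER, T_FULL, T_LOOSE):
        rows = fetch_secrets(db, template, "janedoe@domain2.com")
        ok = authenticate(db, template, "janedoe@domain2.com", "plums")
        print(f"{template!r}: rows={rows} plums accepted={ok}")
```

With the sample rows, only the statement that pins both the local part and the domain returns exactly one secret; the domain-blind `like` statement returns both rows, so the first-row rule can compare against the wrong user's password.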
    
