RE: SASL 2.1.17 with auxprop to Myqsl

From: Remko Lodder (remko at elvandar dot org)
Date: Thu Mar 11 2004 - 15:25:35 EST


    Hi,

    Well, don't be afraid, there are people who got it working under BSD, but it
    seems I am doing something wrong and can't figure it out {since it works with
    sasldb}.
    How is your postfix configured anyways? Does it have a
    smtpd_sasl_local_domain =
    statement?
    I don't fill that in so the realm can change that way.

    Perhaps that works, otherwise my options are out, since I can't even get it
    to work :-)

    Cheers

    --
    Kind regards,
    Remko Lodder
    Elvandar.org/DSINet.org
    www.mostly-harmless.nl Dutch community for helping newcomers on the
    hackerscene
    -----Original Message-----
    From: owner-cyrus-sasl at lists dot andrew dot cmu dot edu
    [mailto:owner-cyrus-sasl at lists dot andrew dot cmu dot edu] On behalf of dwt
    Sent: Thursday, March 11, 2004 21:06
    To: cyrus-sasl at lists dot andrew dot cmu dot edu
    Subject: RE: SASL 2.1.17 with auxprop to Myqsl
    	We're running all of this on RH 7.3. We may be switching to BSD once
    Redhat drops its support at the end of the year... depends on what that
    entails in its entirety since we don't really use Redhat's support anyways.
    But it kind of makes me wary since you can't get it working at all. It would
    really hurt my head to know that we have to switch from RH to BSD and
    everything we've migrated and done is now useless - that would be hard to
    explain to our customers... hmmm...
    	I played around with the realm function and it always uses domain1.
    For instance, when it queries the database, even if we're going for janedoe
    at domain2 - it says:
    	Select password from users where username='janedoe at domain1 dot com'
    	The %p always returns the auth mech we're using - so the actual
    query logs report:
    	"select password from users where username='janedoe' and
    password='saslauthPLAIN'"
    	We could add more realms but then I run into the problem of
    importing domains where the users are used to using just their username to
    authenticate (we will be hosting the mail for other domains with thousands
    of users, so it needs to be a seamless migration; just change an mx record
    and cross your fingers).
    	Do you have an idea I haven't thought of yet? I suppose I could do a
    Mysql "like"... but then it would still take the first entry and not the
    second (or third, or fourth, et cetera).
    - Demian
    -----Original Message-----
    From: Remko Lodder [mailto:remko at elvandar dot org]
    Sent: Thursday, March 11, 2004 2:38 PM
    To: dwt; cyrus-sasl at lists dot andrew dot cmu dot edu
    Subject: RE: SASL 2.1.17 with auxprop to Myqsl
    Select username from users where password='%p' and username='%u';
    try using '%u@%r' at the username section
    => user at realm, so that
    Note that I am interested in what platform you run it on; on OpenBSD I don't
    get it working at all :-)
    Cheers
    --
    Kind regards,
    Remko Lodder
    Elvandar.org/DSINet.org
    www.mostly-harmless.nl Dutch community for helping newcomers on the
    hackerscene
    -----Original Message-----
    From: owner-cyrus-sasl at lists dot andrew dot cmu dot edu
    [mailto:owner-cyrus-sasl at lists dot andrew dot cmu dot edu] On behalf of dwt
    Sent: Thursday, March 11, 2004 20:09
    To: cyrus-sasl at lists dot andrew dot cmu dot edu
    Subject: SASL 2.1.17 with auxprop to Myqsl
    Hi,
    	I spent quite a bit of time digging through the archives.. 3 hours
    to be exact. I saw a couple similar requests, yet didn't see one of them get
    answered. I'm hoping this one has better luck.
    Smtpd.conf:
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    pwcheck_method: auxprop
    auxprop_plugin: sql
    sql_engine: mysql
    mech_list: plain login
    sql_user: removed
    sql_passwd: removed
    sql_hostnames: localhost
    sql_database: postfix
    sql_statement: select Password from users where username='%u';
    sql_verbose: true
    ---------------------------------
    	This setup works fine with one domain. Not a single glitch ever.
    Regardless of how frustrating SASL may be to configure and compile, I have
    to give it a gold star on reliability. But now I've run into a problem. I'm
    building a massive server to support multiple domains: Courier IMAP,
    Postfix, and Mysql as an authentication module on all ends with Cyrus SASL
    for the outbound authentication. All users for all domains are stored in our
    one database table, "users".
    	So in this instance we have janedoe at domain1 dot com with password
    pickles and janedoe at domain2 dot com with password plums. The problem we've found
    is, when SASL hits up the database to authenticate the user, it finds the
    first entry and then stops. So when janedoe at domain2 dot com tries to send mail,
    with her password plums, SASL looks through the database for janedoe and
    sees the password as pickles and thus rejects the authentication attempt.
    	The solution is to make a statement that looks for the password and
    the username and then compares the two with the authentication attempt such
    as:
    Select username from users where password='%p' and username='%u';
    	I know %p doesn't give me what I want... but I was hoping there was
    some way I could make it what I want since according to some documentation I
    read, %p can "technically be anything".
    Any ideas or suggestions... or if you know exactly how to correct this
    problem... would be greatly appreciated.
    Thank you,
    - Demian
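
Added example, not part of the original messages and not Cyrus SASL code: a small model of the lookup discussed in this thread, showing why a query that cannot tell the two janedoe rows apart authenticates against the wrong account, and why a bare login name always lands in the default realm. Assumptions: the `users` table stores the full address in `username`, the default realm is `domain1.com`, sqlite3 stands in for MySQL, and all function names are hypothetical.

```python
import hmac
import sqlite3

# Constructed sample rows from the thread's scenario; the schema is an assumption.
ROWS = [("janedoe@domain1.com", "pickles"), ("janedoe@domain2.com", "plums")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db

def split_login(login, default_realm):
    """Return (%u, %r); a login without '@' falls back to the default realm."""
    user, sep, realm = login.partition("@")
    return user, (realm if sep else default_realm)

def fetch_by_prefix(db, user):
    """The LIKE idea from the thread: every domain's janedoe matches, first row wins."""
    row = db.execute(
        "SELECT password FROM users WHERE username LIKE ? ORDER BY rowid LIMIT 1",
        (user + "@%",),
    ).fetchone()
    return row[0] if row else None

def fetch_by_user_and_realm(db, user, realm):
    """Equivalent of username='%u@%r': at most one row can match."""
    row = db.execute(
        "SELECT password FROM users WHERE username = ?", (f"{user}@{realm}",)
    ).fetchone()
    return row[0] if row else None

def authenticate(db, login, password, default_realm="domain1.com", by_realm=True):
    """Fetch the stored secret for the login, then compare it with the submitted one."""
    user, realm = split_login(login, default_realm)
    if by_realm:
        stored = fetch_by_user_and_realm(db, user, realm)
    else:
        stored = fetch_by_prefix(db, user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

if __name__ == "__main__":
    db = make_db()
    print(authenticate(db, "janedoe@domain2.com", "plums", by_realm=False))    # False
    print(authenticate(db, "janedoe@domain2.com", "pickles", by_realm=False))  # True
    print(authenticate(db, "janedoe@domain2.com", "plums"))                    # True
    print(authenticate(db, "janedoe", "plums"))                                # False
```

The second call is the one to watch for when reviewing such a setup: with an ambiguous lookup, the password of janedoe at domain1 is accepted for a login as janedoe at domain2.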
    
