From: dwt (admin at d-w-t dot com)
Date: Thu Mar 11 2004 - 17:32:15 EST
Returned information on janedoe at domain dot com would defeat the purpose.
If we were trying to get the email address, that would be easy enough - that
would make my life very easy. Unfortunately, I can't ask thousands of
illiterate users to change their Outlooks and their Eudoras to authenticate
with the email address instead of their username.
I don't really see what postfix has to do with this as all of that
is already done and working properly. Cyrus is the only thing that doesn't
work and that does so essentially independent of postfix. But if you think
it will help, I'm strapped for ideas.
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
The exact query that comes up in the logs is exactly as we currently have in
5843 Query select password from users where username='janedoe'
If I enter in the first Janedoe's password, it will accept it, but I
need it to also look for the second one.
From: Lev V. Vanyan [mailto:remedy at programmit dot co dot uk]
Sent: Thursday, March 11, 2004 4:06 PM
Subject: RE: SASL 2.1.17 with auxprop to Myqsl
On Thu, 2004-03-11 at 22:30, dwt wrote:
> Not exactly. Our table is closer to this:
> | Account ID | Username | Password | Email Address |
> | 1001 | janedoe | pickles | janedoe at domain1 dot com |
> | 1002 | janedoe | plums | janedoe at domain2 dot com |
> This is done this way because everybody is currently set up
> (thousands of users) to authenticate just using their username, not their
> email address. Perhaps I misunderstood the second comment, but nothing
> to be inserted into the database.
> When an authentication attempt comes in for janedoe on the second
> domain, the only thing the server sees is janedoe and plums. Using the
> auxprop configuration, it looks for the username janedoe - finds the first
> one and compares the password. The first janedoe entry has a password of
> pickles so the attempt gets rejected. This could be solved if we could
> auxprop to look for a password/username combination in the database, like
> making %p = whatever the user has configured as the password for his email
> client. So when Janedoe #2 tries to send mail she has %u = janedoe and %p =
> plums in Outlook Express. Our statement would say:
> Select password from users where username='%u' and password='%p';
> I know this isn't %p, but maybe we can make it that...? Far fetched,
> maybe, but necessary.
How come your postfix retrieves information on janedoe, not
janedoe at whateverdomainitis2 dot com? Can you please turn on logging of all
incoming mysql queries (--log switch of mysqld)?
And can you please send all your postfix configuration lines that have
to do with sasl?
It would be much more efficient.
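
An added illustration, not part of the thread and not Cyrus SASL or Postfix code, of the lookup problem discussed above: a username-only query compared against the first row rejects the second janedoe, while comparing against every row that shares the username accepts her. It uses Python with an in-memory SQLite table as an assumed stand-in for the MySQL users table; the function names and the .example addresses are hypothetical, the password is passed as a bound parameter rather than substituted into the statement text, and the case where two accounts share both username and password is refused as ambiguous, which goes beyond what the thread covers.

```python
import hmac
import sqlite3

# Constructed sample data: the two rows from the table quoted in the thread
# (plaintext passwords, as in the thread's table).
ROWS = [
    (1001, "janedoe", "pickles", "janedoe@domain1.example"),
    (1002, "janedoe", "plums", "janedoe@domain2.example"),
]


def make_db(rows=ROWS):
    """In-memory SQLite stand-in (assumption) for the MySQL users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (account_id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", rows)
    return conn


def verify_first_row(conn, username, password):
    """Behaviour described in the thread: look up by username only and
    compare the supplied password against the first row returned."""
    row = conn.execute("SELECT password FROM users WHERE username = ? "
                       "ORDER BY account_id LIMIT 1", (username,)).fetchone()
    return row is not None and hmac.compare_digest(
        row[0].encode(), password.encode())


def verify_any_row(conn, username, password):
    """Compare against every row sharing the username. Returns the matching
    account id, or None when nothing matches or the match is ambiguous."""
    rows = conn.execute("SELECT account_id, password FROM users "
                        "WHERE username = ?", (username,)).fetchall()
    # Every candidate is compared in constant time; no early exit.
    matches = [acct for acct, stored in rows
               if hmac.compare_digest(stored.encode(), password.encode())]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    db = make_db()
    print(verify_first_row(db, "janedoe", "plums"))      # second user rejected
    print(verify_any_row(db, "janedoe", "plums"))        # second user's account id
    print(verify_any_row(db, "janedoe", "' OR '1'='1"))  # quote characters stay data
```

Returning the account ID rather than a bare yes/no lets the caller tell which of the identically named accounts authenticated.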