RE: SASL 2.1.17 with auxprop to Myqsl

From: dwt (admin at d-w-t dot com)
Date: Thu Mar 11 2004 - 17:32:15 EST

  • Next message: Simon Matter: "RE: SASL 2.1.17 with auxprop to Myqsl"

    Returned information on janedoe at domain dot com would defeat the purpose.
    If we were trying to get the email address, that would be easy enough - that
    would make my life very easy. Unfortunately, I can't ask thousands of
    illiterate users to change their Outlooks and their Eudoras to authenticate
    with the email address instead of their username.

    I don't really see what postfix has to do with this as all of that
    is already done and working properly. Cyrus is the only thing that doesn't
    work and that does so essentially independent of postfix. But if you think
    it will help, I'm strapped for ideas.

    main.cf:
    smtpd_sasl_local_domain = $mydomain
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl2_auth_enable = yes
    smtpd_sasl_security_options = noanonymous

    The exact query that comes up in the logs is exactly as we currently have in
    our smtpd.conf

    5843 Query select password from users where username='janedoe'

    If I enter in the first janedoe's password, it will accept it, but I
    need it to also look for the second one.

    -----Original Message-----
    From: Lev V. Vanyan [mailto:remedy at programmit dot co dot uk]
    Sent: Thursday, March 11, 2004 4:06 PM
    To: dwt
    Subject: RE: SASL 2.1.17 with auxprop to Myqsl

    On Thu, 2004-03-11 at 22:30, dwt wrote:
    > Andreas,
    >
    > Not exactly. Our table is closer to this:
    >
    > | Account ID | Username | Password | Email Address             |
    > |------------|----------|----------|---------------------------|
    > | 1001       | janedoe  | pickles  | janedoe at domain1 dot com |
    > | 1002       | janedoe  | plums    | janedoe at domain2 dot com |
    >
    > This is done this way because everybody is currently set up
    > (thousands of users) to authenticate just using their username, not their
    > email address. Perhaps I misunderstood the second comment, but nothing
    > needs to be inserted into the database.
    > When an authentication attempt comes in for janedoe on the second
    > domain, the only thing the server sees is janedoe and plums. Using the
    > SASL auxprop configuration, it looks for the username janedoe - finds the
    > first one and compares the password. The first janedoe entry has a
    > password of pickles so the attempt gets rejected. This could be solved if
    > we could tell auxprop to look for a password/username combination in the
    > database, like making %p = whatever the user has configured as the
    > password for his email client. So when Janedoe #2 tries to send mail she
    > has %u = janedoe and %p = plums in Outlook Express. Our statement would
    > say:
    >
    > Select password from users where username='%u' and password='%p';
    >
    > I know this isn't %p, but maybe we can make it that...? Far fetched,
    > maybe, but necessary.
    How come your postfix retrieves information on janedoe, not
    janedoe at whateverdomainitis2 dot com? Can you please turn on logging of all
    incoming mysql queries (--log switch of mysqld) ?
    And can you please send all your postfix configuration lines that have
    to do with sasl?
    It would be much more efficient.
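
The lookup behaviour discussed in this thread, reproduced as an added example that is not part of either message and is not Cyrus SASL or Postfix code. It models the first-row comparison dwt describes against a realm-qualified lookup and adds an audit query for duplicate usernames. The SQLite schema, the function names and the `.example` addresses are constructed for illustration.

```python
import hmac
import sqlite3

# Constructed sample rows mirroring the table quoted in the thread.
ROWS = [
    (1001, "janedoe", "pickles", "janedoe@domain1.example"),
    (1002, "janedoe", "plums", "janedoe@domain2.example"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (account_id INTEGER PRIMARY KEY, "
               "username TEXT, password TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return db

def same(stored, supplied):
    # Constant-time comparison of the stored and supplied secrets.
    return hmac.compare_digest(stored.encode(), supplied.encode())

def check_by_username(db, user, supplied):
    """Model of the logged query: fetch by username, compare the first row only."""
    row = db.execute("SELECT password FROM users WHERE username = ? "
                     "ORDER BY account_id LIMIT 1", (user,)).fetchone()
    return row is not None and same(row[0], supplied)

def check_by_user_and_realm(db, user, realm, supplied):
    """Realm-qualified lookup: username plus domain selects exactly one account."""
    rows = db.execute("SELECT password FROM users "
                      "WHERE username = ? AND email = ?",
                      (user, f"{user}@{realm}")).fetchall()
    return len(rows) == 1 and same(rows[0][0], supplied)

def ambiguous_usernames(db):
    """Audit query: usernames that map to more than one account."""
    return db.execute("SELECT username, COUNT(*) FROM users "
                      "GROUP BY username HAVING COUNT(*) > 1").fetchall()

if __name__ == "__main__":
    db = make_db()
    print(check_by_username(db, "janedoe", "plums"))
    print(check_by_user_and_realm(db, "janedoe", "domain2.example", "plums"))
    print(ambiguous_usernames(db))
```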

