[Web-cyradm] resolving SASL vs. crypt'd pwds in MySQL, auxprop vs pam_mysql, & support for secret-based auth mechs [x-posted]

OpenMacNews web-cyradm.20.openmacnews at spamgourmet.com
Tue Nov 9 14:38:39 CET 2004 

hi,

>> are you presenting/using client CRAM-MD5 or DIGEST-MD5 auth mechs?  of 'just' PLAIN &/or LOGIN over SSL/TLS?
>
> I'm only using login/plain over SSL/TLS

rats. close ... but no cigar ...

>> in the meantime, any, in particular, you can recommend?
>
> Yes, the ones by Alexander Koch.

thx! i'll have a look ...

>> fair enuf.  how can we *help* ?
>
> Actually, I got off my ass and I'm merging them right now, as well as
> cleaning up some of alex's code.

great! not my fault ... ;-)

PLEASE post to the list if/when you've got something to test ...

>> yup.  i'd learned the same. the solution was to launch sasldauthd w/:
>>
>>        sasldauthd -a pam -r -c -n 0

> Yeah the only problem I see with this is that the realm will always be
> passed.  That means that the admin user will also have to have an @realm
> in the username (correct me if I'm wrong).

unclear.  but MAY be the reason i've been having 'issues' ...

>  If the admin user
> authenticates with a realm, then he will be locked into administration
> of only that realm from my experience.  If anyone can disprove this, I'd
> be very very happy to hear, because it's the one thing that's what's
> currently keeping me from using the pam_mysql.

>> unfortunately, using this setup w/ pam_mysql, although i can login/edit w/ web-cyradm & add users to /etc/sasldb2 w/ saslpasswd2, the *simplest*/first test of authentication with testsaslauthd simply fails ...
>
> Woah, you're adding users to /etc/sasldb2?

sorry, tangent.

the add-a-user-to-sasldb is ONLY to test saldauth using testsasldauth ... i understood it to be necessary

> This web-cyradm setup implies that users are stored in mysql.

exactly.  well, sorta.  hence, confusion on my part ...

Luc's HOWTO, in fact, refers in the install.html to the building of testsaslauthd, but, alas, never (unless i've missed it) talks to how -- if at all -- its to be used in verifying the web-cyradm setup

richard

More information about the Web-cyradm mailing list