Postfix and Courier - TLS and hashed passwords

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix and Courier - TLS and hashed passwords

Juan Miscaro-2
Hi, I am currently using Postfix 2.6 on OpenBSD 4.3.  I have
implemented SMTP-AUTH and STARTTLS with SQL backend (MySQL).  I am
also using Courier as my IMAP server.  The bummer is that my passwords
on the backend are cleartext.  I would like to change over to hashed
passwords such as what I can get with the MD5 algorithm or the crypt
function.  I'm just not sure how to do that.  Courier has the
authdaemonrc file which contains the 'authmysql' authentication
module.  In turn, the authmysqlrc file contains:

#MYSQL_CRYPT_PWFIELD    crypt
MYSQL_CLEAR_PWFIELD     clear

Thanks in advance,

/juan
Reply | Threaded
Open this post in threaded view
|

Re: Postfix and Courier - TLS and hashed passwords

mouss-2
Juan Miscaro wrote:

> Hi, I am currently using Postfix 2.6 on OpenBSD 4.3.  I have
> implemented SMTP-AUTH and STARTTLS with SQL backend (MySQL).  I am
> also using Courier as my IMAP server.  The bummer is that my passwords
> on the backend are cleartext.  I would like to change over to hashed
> passwords such as what I can get with the MD5 algorithm or the crypt
> function.  I'm just not sure how to do that.  Courier has the
> authdaemonrc file which contains the 'authmysql' authentication
> module.  In turn, the authmysqlrc file contains:
>
> #MYSQL_CRYPT_PWFIELD    crypt
> MYSQL_CLEAR_PWFIELD     clear
>

You forgot to tell us how postfix does authentication. I guess it's with
cyrus-sasl. if so, tell us more about how you configured cyrus-sasl.

if cyrus-sasl uses authdaemon, then all you need is to configure
authdaemon (which is used by courier-imap).
Reply | Threaded
Open this post in threaded view
|

Re: Postfix and Courier - TLS and hashed passwords

Juan Miscaro-2
2008/7/20 mouss <[hidden email]>:

> Juan Miscaro wrote:
>>
>> Hi, I am currently using Postfix 2.6 on OpenBSD 4.3.  I have
>> implemented SMTP-AUTH and STARTTLS with SQL backend (MySQL).  I am
>> also using Courier as my IMAP server.  The bummer is that my passwords
>> on the backend are cleartext.  I would like to change over to hashed
>> passwords such as what I can get with the MD5 algorithm or the crypt
>> function.  I'm just not sure how to do that.  Courier has the
>> authdaemonrc file which contains the 'authmysql' authentication
>> module.  In turn, the authmysqlrc file contains:
>>
>> #MYSQL_CRYPT_PWFIELD    crypt
>> MYSQL_CLEAR_PWFIELD     clear
>>
>
> You forgot to tell us how postfix does authentication. I guess it's with
> cyrus-sasl. if so, tell us more about how you configured cyrus-sasl.
>
> if cyrus-sasl uses authdaemon, then all you need is to configure authdaemon
> (which is used by courier-imap).
>

Sorry mouss,

Yes, I am using authdaemon and I figure I need

MYSQL_CRYPT_PWFIELD    crypt

in authmysqlrc but I'm not sure how a password should look like inside
MySQL.  For instance, in the case of MD5 I think it should literally
look like

{MD5}passwordhash

but I'm not sure about crypt.

/juan
Reply | Threaded
Open this post in threaded view
|

Re: Postfix and Courier - TLS and hashed passwords

mouss-2
Juan Miscaro wrote:

> 2008/7/20 mouss <[hidden email]>:
>> Juan Miscaro wrote:
>>> Hi, I am currently using Postfix 2.6 on OpenBSD 4.3.  I have
>>> implemented SMTP-AUTH and STARTTLS with SQL backend (MySQL).  I am
>>> also using Courier as my IMAP server.  The bummer is that my passwords
>>> on the backend are cleartext.  I would like to change over to hashed
>>> passwords such as what I can get with the MD5 algorithm or the crypt
>>> function.  I'm just not sure how to do that.  Courier has the
>>> authdaemonrc file which contains the 'authmysql' authentication
>>> module.  In turn, the authmysqlrc file contains:
>>>
>>> #MYSQL_CRYPT_PWFIELD    crypt
>>> MYSQL_CLEAR_PWFIELD     clear
>>>
>> You forgot to tell us how postfix does authentication. I guess it's with
>> cyrus-sasl. if so, tell us more about how you configured cyrus-sasl.
>>
>> if cyrus-sasl uses authdaemon, then all you need is to configure authdaemon
>> (which is used by courier-imap).
>>
>
> Sorry mouss,
>
> Yes, I am using authdaemon and I figure I need
>
> MYSQL_CRYPT_PWFIELD    crypt
>
> in authmysqlrc but I'm not sure how a password should look like inside
> MySQL.  For instance, in the case of MD5 I think it should literally
> look like
>
> {MD5}passwordhash
>
> but I'm not sure about crypt.


mysql> SELECT ENCRYPT('foo') AS crypt;
+---------------+
| crypt         |
+---------------+
| M2MYy/PpPk7zM |
+---------------+