Next message: Remko Lodder: "RE: SASL 2.1.17 with auxprop to Myqsl"
Hi,
I spent quite a bit of time digging through the archives.. 3 hours
to be exact. I saw a couple similar requests, yet didn't see one of them get
answered. I'm hoping this one has better luck.
Smtpd.conf:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: plain login
sql_user: removed
sql_passwd: removed
sql_hostnames: localhost
sql_database: postfix
sql_statement: select Password from users where username='%u';
sql_verbose: true
---------------------------------
This setup works fine with one domain. Not a single glitch ever.
Regardless of how frustrating SASL may be to configure and compile, I have
to give it a gold star on reliability. But now I've run into a problem. I'm
building a massive server to support multiple domains: Courier IMAP,
Postfix, and Mysql as an authentication module on all ends with Cyrus SASL
for the outbound authentication. All users for all domains are stored in our
one database table, "users".
So in this instance we have janedoe at domain1 dot com with password
pickles and janedoe at domain2 dot com with password plums. The problem we've found
is, when SASL hits up the database to authenticate the user, it finds the
first entry and then stops. So when janedoe at domain2 dot com tries to send mail,
with her password plums, SASL looks through the database for janedoe and
sees the password as pickles and thus rejects the authentication attempt.
The solution is to make a statement that looks for the password and
the username and then compares the two with the authentication attempt such
as:
Select username from users where password='%p' and username='%u';
I know %p doesn't give me what I want... but I was hoping there was
some way I could make it what I want since according to some documentation I
read, %p can "technically be anything".
Any ideas or suggestions... or if you know exactly how to correct this
problem... would be great appreciated.
Thank you,
- Demian
