From: Simon Matter (simon dot matter at ch dot sauter-bc dot com)
Date: Fri Mar 12 2004 - 01:29:33 EST
> We're running all of this on RH 7.3. We may be switching to BSD once
OT: RedHat has already dropped 'support' for RedHat 7.3. You may look at
the Fedora Legacy Project http://fedoralegacy.org/ for updates.
HTH
Simon
> Redhat drops its support at the end of the year... depends on what that
> entails in its entirety since we don't really use Redhat's support
> anyways.
> But it kind of makes me weary since you can't get it working at all. It
> would really hurt my head to know that we have to switch from RH to BSD and
> everything we've migrated and done is now useless - that would be hard to
> explain to our customers... hmmm...
> I played around with the realm function and it always uses domain1.
> For instance, when it queries the database, even if we're going for
> janedoe at domain2 - it says:
>
> Select password from users where username='janedoe at domain1 dot com'
>
> The %p always returns the auth mech we're using - so the actual
> query logs report:
>
> "select password from users where username='janedoe' and
> password='saslauthPLAIN'"
>
>
> We could add more realms but then I run into the problem of
> importing domains where the users are used to using just their username to
> authenticate (we will be hosting the mail for other domains with thousands
> of users, so it needs to be a seamless migration; just change an mx record
> and cross your fingers).
> Do you have an idea I haven't thought of yet? I suppose I could do a
> Mysql "like"... but then it would still take the first entry and not the
> second (or third, or fourth, et cetera).
>
> - Demian
>
>
> -----Original Message-----
> From: Remko Lodder [mailto:remko at elvandar dot org]
> Sent: Thursday, March 11, 2004 2:38 PM
> To: dwt; cyrus-sasl at lists dot andrew dot cmu dot edu
> Subject: RE: SASL 2.1.17 with auxprop to Myqsl
>
> Select username from users where password='%p' and username='%u';
> try using '%u@%r' at the username section
>
> => user at realm, so that
>
> Note that I am interested in what platform you run it on, on OpenBSD I
> don't get it working at all :-)
>
> Cheers
>
> --
>
> Kind regards,
>
> Remko Lodder
> Elvandar.org/DSINet.org
> www.mostly-harmless.nl Dutch community for helping newcomers on the
> hackerscene
>
> -----Original Message-----
> From: owner-cyrus-sasl at lists dot andrew dot cmu dot edu
> [mailto:owner-cyrus-sasl at lists dot andrew dot cmu dot edu] On Behalf Of dwt
> Sent: Thursday, March 11, 2004 20:09
> To: cyrus-sasl at lists dot andrew dot cmu dot edu
> Subject: SASL 2.1.17 with auxprop to Myqsl
>
>
> Hi,
> I spent quite a bit of time digging through the archives.. 3 hours
> to be exact. I saw a couple similar requests, yet didn't see one of them
> get answered. I'm hoping this one has better luck.
>
> Smtpd.conf:
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> pwcheck_method: auxprop
> auxprop_plugin: sql
> sql_engine: mysql
> mech_list: plain login
>
> sql_user: removed
> sql_passwd: removed
> sql_hostnames: localhost
> sql_database: postfix
> sql_statement: select Password from users where username='%u';
> sql_verbose: true
>
> ---------------------------------
>
> This setup works fine with one domain. Not a single glitch ever.
> Regardless of how frustrating SASL may be to configure and compile, I have
> to give it a gold star on reliability. But now I've run into a problem.
> I'm building a massive server to support multiple domains: Courier IMAP,
> Postfix, and Mysql as an authentication module on all ends with Cyrus SASL
> for the outbound authentication. All users for all domains are stored in
> our one database table, "users".
> So in this instance we have janedoe at domain1 dot com with password
> pickles and janedoe at domain2 dot com with password plums. The problem we've
> found is, when SASL hits up the database to authenticate the user, it finds the
> first entry and then stops. So when janedoe at domain2 dot com tries to send
> mail, with her password plums, SASL looks through the database for janedoe and
> sees the password as pickles and thus rejects the authentication attempt.
> The solution is to make a statement that looks for the password and
> the username and then compares the two with the authentication attempt
> such as:
>
> Select username from users where password='%p' and username='%u';
>
> I know %p doesn't give me what I want... but I was hoping there was
> some way I could make it what I want since according to some documentation
> I read, %p can "technically be anything".
>
> Any ideas or suggestions... or if you know exactly how to correct this
> problem... would be greatly appreciated.
>
> Thank you,
> - Demian
>
>
>
>
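
An added illustration of the lookup problem discussed in this thread (not code from any poster or from Cyrus SASL): a Python/SQLite model of how a statement using only %u resolves both janedoe accounts to the first row, while one that also uses %r keeps each domain's credentials separate. The separate domain column, the expand() helper and the domain1.com default realm are assumptions; with a full-address username column the equivalent filter is the '%u@%r' form suggested above.

```python
import hmac
import re
import sqlite3

# Constructed sample data: the two accounts from the thread, stored with an
# assumed separate "domain" column.
ROWS = [("janedoe", "domain1.com", "pickles"),
        ("janedoe", "domain2.com", "plums")]

AMBIGUOUS = "select password from users where username='%u'"
SCOPED = "select password from users where username='%u' and domain='%r'"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text, domain text, password text)")
    db.executemany("insert into users values (?, ?, ?)", ROWS)
    return db


def expand(template, login, default_realm):
    """Hypothetical model of %u/%r substitution. A login without '@' gets
    the server's default realm (assumed to be domain1.com below)."""
    user, sep, realm = login.partition("@")
    values = {"u": user, "r": realm if sep else default_realm}
    # Double single quotes so a substituted value cannot end the SQL literal;
    # one regex pass so a value containing "%r" is not expanded again.
    return re.sub(r"%([ur])",
                  lambda m: values[m.group(1)].replace("'", "''"), template)


def stored_password(db, template, login, default_realm="domain1.com"):
    """Password from the first matching row, or None if nothing matches."""
    row = db.execute(expand(template, login, default_realm)).fetchone()
    return row[0] if row else None


def authenticate(db, template, login, password):
    stored = stored_password(db, template, login)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())


if __name__ == "__main__":
    db = make_db()
    for template in (AMBIGUOUS, SCOPED):
        for login, pw in (("janedoe@domain2.com", "plums"),
                          ("janedoe@domain2.com", "pickles"),
                          ("janedoe", "plums")):
            print(template, login, pw, authenticate(db, template, login, pw))
```

The bare-username case shows the limitation raised in the thread: a login without a domain is always checked against the default realm's account.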