Ken,

Thanks for the very clear instructions on how this works. One thing which does not make sense is the removal of the mech_list option subsequent to all users in the shadow file having auth'd once. ???

Also, why are the transitioned passwords stored in plaintext in the mysql database?

regards
Shelley

On Thu, 22 Jan 2004, Ken Murchison wrote:

Shelley Waltz wrote:
> Ken, Thanks for the reply.
>
> Yes, my new server is RH ES3 with all the most recent versions of
> Cyrus imap/sasl/postfix/mysql ...

Which version of SASL? You definitely want 2.1.17.

> Where do I read about autotransition into the SQL auxprop plugin?
> Does this mean that after I transition my existing users, I still
> need to create /etc/shadow entries in order to establish new accounts
> in the mysql database. I planned to use webcyradm to manage accounts.

Just read the docs on how to configure the SQL auxprop plugin. Then in your imapd.conf file, you'll have options like the following:

    sasl_mech_list: PLAIN LOGIN
    sasl_auto_transition: yes
    sasl_pwcheck_method: auxprop saslauthd
    sasl_auxprop_plugin: sql
    sasl_sql_engine: mysql
    sasl_sql_select: ...
    sasl_sql_insert: ...
    sasl_sql_update: ...

And you'll need to run:

    saslauthd -a shadow

This config will limit the server to plaintext authentication which will happen against /etc/shadow and then the password will be inserted into mysql. The next time the user authenticates, the password will be pulled from mysql (given the order of pwcheck_method).

Once all of your users have authenticated at least once, you can remove the mech_list option or add other mechs to the list.

> On Thu, 22 Jan 2004, Ken Murchison wrote:
>
> Shelley Waltz wrote:
>
> > I am installing a new postfix-cyrus mail server.
> > I currently have cyrus-imap 1.6.24 authing PLAIN
> > from /etc/shadow.
> >
> > I wish to migrate the passwords(md5) from the shadow file to
> > a mysql database and use this to auth PLAIN using TLS.
> > Is there a script available to do so - to migrate the users
> > from the shadow file and create the records for mysql authentication?
> >
> > I did search, but found nothing.
>
> First, I'd strongly suggest that you upgrade to a recent version of
> Cyrus, either 2.1.16 or 2.2.3. To do this, you'll need a recent version
> of SASL (I'd suggest 2.1.17). Then, you just configure Cyrus/SASL to
> authenticate plaintext from /etc/shadow and have it autotransition
> passwords into the SQL auxprop plugin.
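
Added example, not part of the original thread and not Cyrus SASL code: a small Python model of the "auxprop saslauthd" lookup order with auto-transition, showing why the mech list is held to PLAIN/LOGIN until a user has logged in once and why a shared-secret mechanism such as CRAM-MD5 (RFC 2195) needs the cleartext secret in the store. The names SHADOW, SQL_STORE and all functions are hypothetical, the data is constructed, and a salted SHA-256 stands in for the real crypt() hash in /etc/shadow.

```python
import hashlib
import hmac

# Constructed sample data: stand-in for /etc/shadow (salted one-way hashes only).
def _shadow_hash(salt, password):
    return hashlib.sha256((salt + password).encode()).hexdigest()

SHADOW = {"shelley": ("ab", _shadow_hash("ab", "s3cret"))}
SQL_STORE = {}  # stand-in for the mysql table filled by sasl_sql_insert


def saslauthd_shadow(user, password):
    """Model of 'saslauthd -a shadow': needs the cleartext to re-hash it."""
    entry = SHADOW.get(user)
    return entry is not None and hmac.compare_digest(
        entry[1], _shadow_hash(entry[0], password))


def auth_plain(user, password, auto_transition=True):
    """Model of 'sasl_pwcheck_method: auxprop saslauthd' for PLAIN/LOGIN."""
    stored = SQL_STORE.get(user)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return "auxprop"                 # answered from the SQL store
    if saslauthd_shadow(user, password):
        if auto_transition:
            SQL_STORE[user] = password   # cleartext copied into the SQL store
        return "saslauthd"
    return None


def cram_md5_response(secret, challenge):
    """RFC 2195: hex HMAC-MD5 of the challenge, keyed with the shared secret."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def auth_cram_md5(user, challenge, response):
    """Server side of CRAM-MD5: only possible with the secret in the store."""
    secret = SQL_STORE.get(user)
    if secret is None:
        return False                     # not transitioned: a shadow hash cannot verify this
    expected = cram_md5_response(secret, challenge)
    return hmac.compare_digest(expected, response)
```

In this model a CRAM-MD5 login fails for any account that has not yet completed one PLAIN or LOGIN authentication, because the password never crosses the wire in that mechanism and the one-way shadow hash cannot be used to check the HMAC.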