postfix pam_mysql authentication SHA512/SHA256  on Feb 19, 2019; 10:53am
In our postfix setup, we are using the pam_mysql module for SASL
authentication from the MySQL database.
(http://ryandoyle.net/posts/bringing-postfix-cyrus-sasl-saslauthd-pam_mysql_and_mysql_all_together/)
 

We are using SHA512_CRYPT() for storing passwords using the ENCRYPT() MySQL
function. This works fine.

However, the ENCRYPT() function is deprecated in MySQL 8. Hence we are trying to
figure out an alternative way to move the encryption from SHA512_CRYPT to
SHA512 / SHA256 or similar.

Even though the pam_mysql GitHub repo
(https://github.com/NigelCunningham/pam-MySQL) supports SHA512, it doesn't
seem to be available in the latest release, pam_mysql-0.8.1-0.22.

The only other options available with the latest version of pam_mysql are
crypt, md5, and sha1. Since these are not good hashing algos, we don't want
to use them.

Also, we think using Dovecot backends for SASL authentication will create
SPOFs and would like to keep postfix's SASL authentication independent of
Dovecot. 

Please suggest an SASL authentication mechanism which we can use with
postfix to authenticate the user with SHA512 or SHA256 (Not SHA512-CRYPT)
from MySQL Database. 

postfix : main.cf 
smtpd_sasl_auth_enable = yes 
smtpd_sasl_path = smtpd 


cat /etc/sasl2/smtpd.conf 
pwcheck_method: saslauthd 
mech_list: plain login 
#log_level: 5 

/etc/pam.d/smtp
auth     required   pam_mysql.so user=mailuser passwd=pwd host=hostname db=dbname table=table-name usercolumn=user passwdcolumn=pwd crypt=1 debug

account sufficient pam_mysql.so user=mailuser passwd=pwd host=hostname db=dbname table=table-name usercolumn=user passwdcolumn=email crypt=1 debug

--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
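
Added example, not part of the original post and not code from pam_mysql or Postfix: the $6$ (SHA512-CRYPT) format that ENCRYPT() produced can be generated and checked outside MySQL, so the stored column format stays the same. It assumes OpenSSL 1.1.1 or later is installed and that crypt=1 makes pam_mysql verify with crypt(3); the function names are this example's own.

```shell
#!/bin/sh
# Added example: create and check SHA512-CRYPT ($6$) hashes without
# MySQL's ENCRYPT(). Assumes OpenSSL 1.1.1+ ("openssl passwd -6").

# Print a $6$ hash for the password in $1.
# With a salt in $2 the result is reproducible; without one, openssl
# picks a random salt. The password is passed on stdin so that it does
# not show up in the process list.
sha512_crypt() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$1" | openssl passwd -6 -salt "$2" -stdin
    else
        printf '%s\n' "$1" | openssl passwd -6 -stdin
    fi
}

# Check password $1 against stored hash $2 of the form $6$<salt>$<digest>.
# Returns 0 on match, 1 on mismatch, 2 if the stored value is not a plain
# $6$ hash (other schemes and explicit rounds= fields are rejected here
# rather than guessed at).
sha512_crypt_verify() {
    scheme=$(printf '%s' "$2" | cut -d '$' -f 2)
    salt=$(printf '%s' "$2" | cut -d '$' -f 3)
    [ "$scheme" = 6 ] || return 2
    case $salt in
        ''|rounds=*) return 2 ;;
    esac
    # Re-hash with the stored salt and compare the complete strings.
    [ "$(sha512_crypt "$1" "$salt")" = "$2" ]
}

# Usage (constructed values):
#   hash=$(sha512_crypt 'example-password')
#   sha512_crypt_verify 'example-password' "$hash" && echo match
```

The string printed by sha512_crypt is what would go into the column named by passwdcolumn, written by whatever provisions the mailboxes, with /etc/pam.d/smtp left unchanged.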
