Ken, Thanks for the reply.
Yes, my new server is RH ES3 with all the most recent versions of Cyrus imap/sasl/postfix/mysql ...
Which version of SASL? You definitely want 2.1.17.
Where do I read about autotransition into the SQL auxprop plugin? Does this mean that after I transition my existing users, I still need to create /etc/shadow entries in order to esatblish new accounts in thge mysql database. I planned to use webcyradm to manage accounts.
Just read the docs on how to configure the SQL auxprop plugin. Then in your imapd.conf file, you'll have options like the following:
sasl_mech_list: PLAIN LOGIN sasl_auto_transition: yes sasl_pwcheck_method: auxprop saslauthd sasl_auxprop_plugin: sql sasl_sql_engine: mysql sasl_sql_select: ... sasl_sql_insert: ... sasl_sql_update: ...
And you'll need to run:
saslauthd -a shadow
This config will limit the server to plaintext authentication which will happen against /etc/shadow and then the password will be inserted into mysql. The next time the user authenticates, the password will be pulled from mysql (given the order of pwcheck_method).
Once all of your users have authenticated at least once, you can remove the mech_list option or add other mechs to the list.
On Thu, 22 Jan 2004, Ken Murchison wrote:
Shelley Waltz wrote:
> I am installing a new postfix-cyrus mail server.
> I currently have cyrus-imap 1.6.24 authing PLAIN
> from /etc/shadow.
> > I wish to migrate the passwords(md5) from the shadow file to
> a mysql database and use this to auth PLAIN using TLS.
> Is there a script available to do so - to migrate the users
> from the shadow file and create the records for mysql authentication?
> > I did search, but found nothing.
First, I'd strongly suggest that you upgrade to a recent version of Cyrus, either 2.1.16 or 2.2.3. To do this, you'll need a recent version of SASL (I'd suggest 2.1.17). Then, you just configure Cyrus/SASL to authentication plaintext from /etc/shadow and have it autotransition passwords into the SQL auxprop plugin.
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
