move at inbox
Jan 30, 2009, 5:25 AM
Post #2 of 2
(318 views)
Permalink
|
Hey,
I thought I'd give a heads up on how I solved it. Let me first
describe a problem again in a couple of short words.
It was necessary to use passwords from dbmail mysql database to
authenticate users for SMTP. Since it was undesirable to create new
passwords for all 200+ users, and the previous mail system was keeping
passwords in shadow file, the shadow file password format had to be
accepted.
Configuring authenticators, it was clear that exim's md5 function
returns 16 character md5 sum, just as php returns it when using md5
etc. (or, as dbmail documentation calls it, md5-digest, which to me
doesn't sound correct). However, passwords imported from shadow file
has another md5 format, in dbmail documentation called md5-hash.
Now, the solution was to use saslauthd with rimap authentication
mechanism. Here's the config I used on FreeBSD.
1) in /etc/rc.conf
saslauthd_enable="YES"
saslauthd_flags="-a rimap -O localhost"
2) following authenticators
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_set_id = $1
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
3) Launch saslauthd
/usr/local/etc/rc.d/saslauthd start
4) Restart exim
/usr/local/etc/rc.d/exim restart
So, hopefully this will save somebody couple of hours of head
scratching.
Best regards,
Matiss
Quoting Matiss : First off, I know that this is a exim thing. I
already asked this on their mailing list, but hoped maybe someone here
could help me out.
So, as all of you know, there are several types of md5 available in
dbmail. The one I need is md5-hash, which is used in shadow file (hope
I'm right here!) from which I'm importing user passwords.
However, exim's md5 function seem to expect md5-digest. This is only
half-good - because although I would be able to keep my passwords
encrypted, I'd still have to manually change them for all 200+ users.
The question is.. maybe there's a way to tell exim to use md5-hash?
or I don't know, convert md5-hash to md5-digest? Or there is no
solution and I must get my running skills up to par to attend all
those computers with new passwords? :)
Best regards,
Matiss
-- Tavs bezmaksas pasts Inbox.lv
Links:
------
[1] mailto:move[at]inbox.lv
|
