
Mailing List Archive: DBMail: users

How to realise hashed passwords with SASL

 

 



claaskaehler at yfx

Aug 8, 2013, 3:39 AM

Post #1 of 4 (25 views)
Permalink
How to realise hashed passwords with SASL

Hi,

After the release-stress it seems more relaxed here again. Time for
stupid questions! ;)
Is it possible to realise an smtp-auth with hashed passwords in the
database?
Now I am using Cyrus-SASL and I am feeling very uncomfortable with all
the unencrypted passwords in the database.

Regards
Claas
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail


h.reindl at thelounge

Aug 8, 2013, 3:54 AM

Post #2 of 4 (23 views)
Permalink
Re: How to realise hashed passwords with SASL [In reply to]

On 08.08.2013 12:39, Claas Kähler wrote:
> after the release-stress it seems more relaxed here again. Time for stupid questions! ;)
> Is it possible to realise a smtp-auth with hashed passwords in the database?
> Now i am using Cyrus-SASL and i am feeling very uncomfortable with all the unencrypted passwords in the database

If you look at how CRAM-MD5 works, it is clear that you can't have a hash
in the database because it is pretty impossible to verify the login.

So you could only use PLAIN AUTH in case of encrypted passwords
in the database and force users to always use TLS.
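Added example (not part of the original posts, and not DBMail or Cyrus SASL code): a Python sketch of the point made in the reply above, showing that a CRAM-MD5 response can only be checked by a server that holds the HMAC key itself, while a PLAIN login can be checked against a salted hash. The password, the challenge string and the PBKDF2 storage scheme are constructed assumptions.

```python
import hashlib
import hmac
import os

def cram_md5_response(password, challenge):
    # Client side (RFC 2195): hex HMAC-MD5 of the server challenge,
    # keyed with the user's password.
    return hmac.new(password, challenge, hashlib.md5).hexdigest()

def server_verify_cram_md5(stored_secret, challenge, response):
    # The server must recompute the same HMAC, so whatever it stores
    # has to be the HMAC key, i.e. the password itself.
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)

def hash_password(password, salt=None):
    # Assumed storage scheme for this example: salted PBKDF2-HMAC-SHA256.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def server_verify_plain(salt, stored_hash, presented_password):
    # With PLAIN the server receives the password (inside TLS), so it can
    # re-hash it with the stored salt and compare.
    _, candidate = hash_password(presented_password, salt)
    return hmac.compare_digest(candidate, stored_hash)

def demo():
    password = b"correct horse"                       # constructed sample
    challenge = b"<1896.697170952@mail.example.org>"  # constructed sample
    salt, stored_hash = hash_password(password)
    response = cram_md5_response(password, challenge)
    return {
        # Works only because the database holds the cleartext password.
        "cram_plaintext_db": server_verify_cram_md5(password, challenge, response),
        # Fails: the stored hash is not the key the client used.
        "cram_hashed_db": server_verify_cram_md5(stored_hash, challenge, response),
        # Works: hash of the presented password matches the stored hash.
        "plain_hashed_db": server_verify_plain(salt, stored_hash, password),
        "plain_wrong_password": server_verify_plain(salt, stored_hash, b"wrong"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, ok)
```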


paul at nfg

Aug 8, 2013, 4:04 AM

Post #3 of 4 (23 views)
Permalink
Re: How to realise hashed passwords with SASL [In reply to]

On 08-08-13 12:39, Claas Kähler wrote:
> Hi,
>
> after the release-stress it seems more relaxed here again. Time for
> stupid questions! ;)
> Is it possible to realise a smtp-auth with hashed passwords in the
> database?
> Now i am using Cyrus-SASL and i am feeling very uncomfortable with all
> the unencrypted passwords in the database.

I never use unencrypted passwords - unless I'm testing - and I very much
use smtp-auth with saslauthd. Personally I prefer the rimap mechanism
when using authsql.


--
________________________________________________________________
Paul J Stevens pjstevns @ gmail, twitter, skype, linkedin

* Premium Hosting Services and Web Application Consultancy *

www.nfg.nl/info [at] nfg/+31.85.877.99.97
________________________________________________________________


lordvan at lordvan

Aug 9, 2013, 5:06 PM

Post #4 of 4 (13 views)
Permalink
Re: How to realise hashed passwords with SASL [In reply to]

On 2013-08-08 13:04, Paul J Stevens wrote:
> On 08-08-13 12:39, Claas Kähler wrote:
>> Hi,
>>
>> after the release-stress it seems more relaxed here again. Time for
>> stupid questions! ;)
>> Is it possible to realise a smtp-auth with hashed passwords in the
>> database?
>> Now i am using Cyrus-SASL and i am feeling very uncomfortable with
>> all
>> the unencrypted passwords in the database.
>
> I never use unencrypted passwords - unless I'm testing - and I very
> much
> use smtp-auth with saslauthd. Personally I prefer the rimap mechanism
> when using authsql.

Hi.

Funny thing, you having a similar "issue" to me the other day.
There is an easy solution:
add this to your sasl startup config (/etc/conf.d/saslauthd in
Gentoo):

-arimap -O localhost

(Obviously replace localhost with your hostname if it is a different
machine.)

That way you can have your passwords encrypted in the db and still use
SASL :)

Just did this on Thursday ;) Maybe I should blog it or put it in the wiki
(if it is up again; I am too lazy to check now).

Regards