Bug#731954: libsasl2-modules-sql: Support password_format: crypt for sql

Patrick Ben Koetter p at state-of-mind.de
Wed Dec 11 19:52:35 UTC 2013


Alex,

sasl does not encrypt passwords with auxprop plugin sql or ldapdb on purpose,
because shared-secret mechanisms would not work anymore.

The patches around - I suspect you mean the one from Russia - actually break
the sql plugin.

If you want crypted passwords in SQL, use saslauthd with PAM to access SQL.

p at rick


* alex <alex at alexkavon.com>:
> Package: libsasl2-modules-sql
> Version: 2.1.25.dfsg1-6+deb7u1
> Severity: wishlist
>  
> 
> Dear Maintainer,
> 
> Encrypting the password in an sql database for sasl2 to use has been a long-outstanding feature that needs to be fixed. There are currently a few methods of resolving the issue, but they involve outdated patches as well as installing other packages as a workaround to the solution. Fixing this issue could help resolve a major issue with sql databases and sasl2 and help promote Cyrus as an IMAP server.
> 
> The issue in question is the lack of support for the password_format: crypt option. As online security is ever more important in this day and age, storing plain text passwords in a database isn't an acceptable use case. This functionality has been included with other libsasl2-modules-* packages. I honestly haven't found an answer as to why this functionality hasn't been included. If there is a reason, I apologize for the bug report but would also like an explanation so that I may document it accordingly.
> 
> Thank you for your time. I look forward to answering any more questions you may have about this issue and/or what the current fixes look like.
> 
> Best,
> Alex
> 
> 
> -- System Information:
> Debian Release: 7.2
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> 
> Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>  
> 
> Versions of packages libsasl2-modules-sql depends on:
> ii  libc6             2.13-38
> ii  libmysqlclient18  5.5.31+dfsg-0+wheezy1
> ii  libpq5            9.1.9-1
> ii  libsasl2-modules  2.1.25.dfsg1-6+deb7u1
> ii  libsqlite3-0      3.7.13-1+deb7u1
>  
> 
> libsasl2-modules-sql recommends no packages.
> libsasl2-modules-sql suggests no packages.
> -- no debconf information
> 

-- 
Patrick Ben Koetter
p at state-of-mind.de
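
Why a hashed password column breaks shared-secret mechanisms, as an added example that is not part of the original message and not Cyrus SASL code. It assumes CRAM-MD5 as the representative shared-secret mechanism and uses PBKDF2 as a stand-in for crypt(3); the password, challenge and function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def cram_md5_response(password: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5: HMAC-MD5 keyed with the password itself."""
    return hmac.new(password, challenge, hashlib.md5).hexdigest()


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for crypt(3) (assumption): salted and one-way, here PBKDF2."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def verify_plain(stored_hash: bytes, salt: bytes, sent_password: bytes) -> bool:
    """PLAIN/LOGIN: the client sends the password, so the server can re-hash it."""
    return hmac.compare_digest(stored_hash, one_way_hash(sent_password, salt))


def verify_cram_md5(stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """CRAM-MD5: the server recomputes the HMAC from whatever it has stored."""
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"correct horse"                   # constructed sample secret
    challenge = b"<1896.697170952@mail.example>"  # constructed server challenge
    salt = os.urandom(16)
    hashed = one_way_hash(password, salt)         # what a "crypt" column would hold
    response = cram_md5_response(password, challenge)
    return {
        # Plaintext column: the server can key the HMAC exactly as the client did.
        "cram_with_plaintext_column": verify_cram_md5(password, challenge, response),
        # Hashed column: the server only has the hash, so its HMAC never matches.
        "cram_with_hashed_column": verify_cram_md5(hashed, challenge, response),
        # Hashed column still works when the client sends the password itself.
        "plain_with_hashed_column": verify_plain(hashed, salt, password),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The third case is the path the reply recommends: saslauthd receives the password from the client and can therefore check it against a one-way hash.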