[tpop3d-discuss] MySQL Authentication

Chris Lightfoot chris at ex-parrot.com
Sun, 24 Jun 2001 01:11:08 +0100


On Sat, Jun 23, 2001 at 08:53:11PM +0100, Chris Elsworth wrote:
> On Sat, Jun 23, 2001 at 07:05:00PM +0100, Chris Lightfoot wrote:
> 
> > -- if you reorder things to look like
> > 
> > SELECT pop3_mbox.MailPath, pop3_mbox.UserName,
> >        pop3_mbox.Password, domain.UserID
> >     [...]
> 
> Yep, that's how it is now.. Shame I have to edit the source though - do 
> you have any plans to make it a #define or something, and have it set from 
> configure, or perhaps the config? It would make upgrading easier for 
> people who, like me, have to edit it - and I'm sure that means almost 
> everyone not using the vmail-sql package.

Hmm. I did think about this, but concluded that it wasn't
worth doing, on the basis that to write a sensible way to
configure this at runtime (or even at compile time)
without editing source code would be a substantial
undertaking. Including a perl interpreter (auth_perl) or
allowing users to call into an external program
(auth_other) seems to me a better and more general
strategy. In particular, to allow people to choose a
database query at runtime is subject to a number of
subtleties and random design decisions; also, I don't wish
to implement additional database drivers (auth_pgsql;
auth_oracle; etc.), and I would be reluctant to include
numerous such things into the source tree on the basis
that it would make maintaining the program more difficult.
The DBD::... drivers in perl are sufficient for this
purpose, and I can't see any point in trying to replicate
that work.

> > it should work (assuming that fred@example.com's mailspool
> > is in MailPath/fred).
> > 
> > > But alas, I get:
> > > 
> > > auth_mysql_new_user_pass: mats@zakalwe.com failed login with wrong passwordauth_
> > > 
> > > Am I doing the right thing, returning the right information?
> > 
> > Not quite, unless you've modified the authentication stuff
> > separately. To use crypt_md5 as you appear to be doing,
> > you need to insert {crypt_md5} before the password, like
> > 
> >     '{crypt_md5}$1$lJ$EN6ExaPgfp1d.T9w59/S4/'
> 
> That worked. Is this documented anywhere except in the source? I couldn't 
> find it.

It's in the changelog (CHANGES file). It will be
documented in the new vmail-sql release (Paul?).

> > If you don't want to put {crypt_md5} in, you can make that
> > password format the default, by altering lines 483--508 of
> > auth_mysql.c
> 
> More source hackery - any chance of an auth_mysql_crypt_type option? :)

Probably not, for the reasons stated above, and because
the only reason that there's support for password hashes
without a keyword in {} is to remain backward-compatible
with old vmail-sql installations. If it had been
implemented this way from the start, there would be no
`default password format'.

> Thanks for your help, it all works now :)

Excellent.

-- 
Chris Lightfoot -- www.ex-parrot.com/~chris/
 ``We overbooked. But I can give you the co-pilot's seat
   if you know how to fly a 747.'' (Scott Adams, from `Dilbert')
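
The `{crypt_md5}` prefix convention discussed in this thread, as an added example that is not part of the original message and is not tpop3d's own code: it splits a stored password field into scheme and hash, refuses unprefixed values unless a legacy default is named explicitly, and verifies a `$1$` hash in constant time. The names `parse_field`, `check_password`, `legacy_default` and `SAMPLE` are hypothetical, and `md5_crypt` is a reimplementation of the MD5-based crypt format using `hashlib`.

```python
import hashlib, hmac, re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
FIELD = re.compile(r"\{([a-z0-9_]+)\}(.*)", re.S)   # "{scheme}hash"
GROUPS = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))  # digest byte order

def md5_crypt(pw: bytes, salt: bytes) -> str:
    """MD5-based crypt: returns '$1$<salt>$<22 chars>'."""
    salt = salt[:8]
    alt = hashlib.md5(pw + salt + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + salt)
    for n in range(len(pw), 0, -16):
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                       # fixed 1000-round stretch
        h = hashlib.md5(pw if i & 1 else final)
        h.update((salt if i % 3 else b"") + (pw if i % 7 else b""))
        h.update(final if i & 1 else pw)
        final = h.digest()
    vals = [(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in GROUPS]
    vals.append((final[11], 2))
    out = "".join(ITOA64[(v >> (6 * k)) & 0x3F] for v, n in vals for k in range(n))
    return "$1$" + salt.decode() + "$" + out

def parse_field(stored: str, legacy_default=None):
    """Split '{scheme}hash'; unprefixed values need an explicit legacy scheme."""
    m = FIELD.fullmatch(stored)
    if m:
        return m.group(1), m.group(2)
    if legacy_default is None:
        raise ValueError("no {scheme} prefix and no legacy default set")
    return legacy_default, stored

def check_password(stored: str, candidate: str, legacy_default=None) -> bool:
    scheme, value = parse_field(stored, legacy_default)
    if scheme != "crypt_md5":                   # only the scheme named in the thread
        raise ValueError("unsupported scheme: " + scheme)
    parts = value.split("$")                    # ['', '1', salt, hash]
    if len(parts) != 4 or parts[0] or parts[1] != "1":
        return False
    expected = md5_crypt(candidate.encode(), parts[2].encode())
    return hmac.compare_digest(expected.encode(), value.encode())

SAMPLE = "{crypt_md5}" + md5_crypt(b"correct horse", b"lJ")  # constructed sample value
```

Failing closed on an unprefixed value makes a missing `{crypt_md5}` show up as a configuration error rather than as a misleading "wrong password" result.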