[tpop3d-discuss] MySQL Authentication
Chris Lightfoot
chris at ex-parrot.com
Sun, 24 Jun 2001 01:11:08 +0100
On Sat, Jun 23, 2001 at 08:53:11PM +0100, Chris Elsworth wrote:
> On Sat, Jun 23, 2001 at 07:05:00PM +0100, Chris Lightfoot wrote:
>
> > -- if you reorder things to look like
> >
> > SELECT pop3_mbox.MailPath, pop3_mbox.UserName,
> > pop3_mbox.Password, domain.UserID
> > [...]
>
> Yep, that's how it is now.. Shame I have to edit the source though - do
> you have any plans to make it a #define or something, and have it set from
> configure, or perhaps the config? It would make upgrading easier for
> people who, like me, have to edit it - and I'm sure that means almost
> everyone not using the vmail-sql package.
Hmm. I did think about this, but concluded that it wasn't
worth doing, on the basis that to write a sensible way to
configure this at runtime (or even at compile time)
without editing source code would be a substantial
undertaking. Including a perl interpreter (auth_perl) or
allowing users to call into an external program
(auth_other) seems to me a better and more general
strategy. In particular, to allow people to choose a
database query at runtime is subject to a number of
subtleties and random design decisions; also, I don't wish
to implement additional database drivers (auth_pgsql;
auth_oracle; etc.), and I would be reluctant to include
numerous such things into the source tree on the basis
that it would make maintaining the program more difficult.
The DBD::... drivers in perl are sufficient for this
purpose, and I can't see any point in trying to replicate
that work.
> > it should work (assuming that fred@example.com's mailspool
> > is in MailPath/fred).
> >
> > > But alas, I get:
> > >
> > > auth_mysql_new_user_pass: mats@zakalwe.com failed login with wrong passwordauth_
> > >
> > > Am I doing the right thing, returning the right information?
> >
> > Not quite, unless you've modified the authentication stuff
> > separately. To use crypt_md5 as you appear to be doing,
> > you need to insert {crypt_md5} before the password, like
> >
> > '{crypt_md5}$1$lJ$EN6ExaPgfp1d.T9w59/S4/'
>
> That worked. Is this documented anywhere except in the source? I couldn't
> find it.
It's in the changelog (CHANGES file). It will be
documented in the new vmail-sql release (Paul?).
> > If you don't want to put {crypt_md5} in, you can make that
> > password format the default, by altering lines 483--508 of
> > auth_mysql.c
>
> More source hackery - any chance of an auth_mysql_crypt_type option? :)
Probably not, for the reasons stated above, and because
the only reason that there's support for password hashes
without a keyword in {} is to remain backward-compatible
with old vmail-sql installations. If it had been
implemented this way from the start, there would be no
`default password format'.
> Thanks for your help, it all works now :)
Excellent.
--
Chris Lightfoot -- www.ex-parrot.com/~chris/
``We overbooked. But I can give you the co-pilot's seat
if you know how to fly a 747.'' (Scott Adams, from `Dilbert')
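
The {crypt_md5} keyword convention discussed in this message, as an added Python example (not code from tpop3d or from the original post): it splits the stored field into scheme and hash, then checks a candidate password against an MD5-based crypt(3) hash. The function names and the "legacy" default scheme name are assumptions made for illustration; the thread does not say what tpop3d's actual default format is.

```python
import hashlib
import hmac
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PAGE_EXAMPLE = "{crypt_md5}$1$lJ$EN6ExaPgfp1d.T9w59/S4/"  # value quoted in the thread

def md5_crypt(password: bytes, salt: bytes) -> str:
    """MD5-based crypt(3) ("$1$salt$digest"), the format {crypt_md5} names."""
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    for n in range(len(password), 0, -16):
        ctx.update(alt[:min(n, 16)])
    n = len(password)
    while n:                          # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):             # fixed 1000-round stretching loop
        c = hashlib.md5(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    out = ""
    for idx in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5), (11,)):
        v = int.from_bytes(bytes(final[j] for j in idx), "big")
        for _ in range(4 if len(idx) == 3 else 2):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return "$1$" + salt.decode() + "$" + out

def split_scheme(stored: str, default: str):
    """Split '{scheme}hash'; a bare hash is assigned the configured default."""
    if stored.startswith("{"):
        scheme, sep, rest = stored[1:].partition("}")
        if not sep or not scheme:
            raise ValueError("malformed {scheme} prefix")
        return scheme, rest
    return default, stored

def check_password(stored: str, candidate: str, default: str = "legacy") -> bool:
    scheme, pwhash = split_scheme(stored, default)  # "legacy" is a hypothetical name
    if scheme != "crypt_md5":         # only one scheme is handled here; reject the rest
        return False
    parts = pwhash.split("$")         # expected: ['', '1', salt, digest]
    if len(parts) != 4 or parts[:2] != ["", "1"] or not 0 < len(parts[2]) <= 8:
        return False
    expected = md5_crypt(candidate.encode(), parts[2].encode())
    return hmac.compare_digest(expected.encode(), pwhash.encode())
```

With the default left at the hypothetical "legacy" scheme, a bare $1$ hash is rejected even for the correct password, which is the kind of "wrong password" failure reported earlier in the thread.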