On Tue, Jun 03, 2008 at 12:08:40PM -0400, Juan Miscaro wrote:

quoted text
> 2008/6/2 Jason Dixon :

>

> [...]

>

> >> >  In my case, I use Courier's authdaemond with MySQL, and Cyrus SASL's support for

> >> >  authenticating against authdaemond.

> >> >  I haven't read the link you posted, but just the idea of authenticating through PAM for

> >> >  mail service makes me want to puke.

> >>

> >> [...]

> >>

> >> I happen to do be doing exactly what you are but I don't understand

> >> the revulsion you harbour towards PAM in an email context.  Can you

> >> elaborate?

> >

> > PAM is an over-engineered piece of bloatware.  Why would you want to

> > abstract authentication when the bits you're using (Postfix/SASL,

> > Courier) already have native mechanisms (SASL smtpd->authdaemond,

> > Courier authdaemond) for talking to your backend store (MySQL)?

>

> Thank you.  I did hear, however, that you need to use PAM in order to

> have credentials encrypted (on the backend) in the scenario we're

> describing.  It felt weird populating MySQL with cleartext usernames

> and passwords.

Nope, you can store the md5-hashed passwords in MySQL.  Authdaemond

reads them fine.
--

Jason Dixon

DixonGroup Consulting

http://www.dixongroup.net/