Cyrus-SASL 2.1.x patches

Updates from pieps:

You might also want to take a look at my mail server setup guide, specifically the part regarding Cyrus SASL, as it natively handles the auth of encrypted passwords in a less kludgey way and doesn't keep you from using current versions of things.

NOTE: This page is mirrored from http://frost.ath.cx/software/cyrus-sasl-patches, and is the property of the author.
His site was down occasionally, so I've mirrored it here for convenience.
If there's something wrong with this page, and not with Brane's, feel free to email me at nick (at) pieps (dot/period) org

The following software is provided for free. You can do with it, whatever you want. Software is provided "AS IS", without any warranty at all (including the implied warranties of merchantability and fitness for a particular purpose).

If you like this piece of software, send me a postcard from somewhere :)
Snail mail address:
Branko F. Gracnar
Rakitovec 13
3263 Gorica pri Slivnici
Slovenia
Europe

Available patches:

checkpw.c

This patch makes cyrus-sasl to authenticate crypt(3) hashed passwords from various backends (auxprop plugins) - so you can authenticate crypt hashed passwords in your sql database (this is probably why are you reading this homepage).

Patch adds the following plugin configuration directive:

password_format: [plaintext|crypt|crypt_trad]

Installation

- Download cyrus-sasl-2.1.x.tar.gz from ftp://ftp.ANDrew.cmu.edu/pub/cyrus-mail/ (Also downloadable locally, here)
- Download checkpw.c patch from download page
- Unpack distribution (tar zxf cyrus-sasl-2.1.x.tar.gz)
- Enter source directory (cd cyrus-sasl-2.1.x)
- Apply patch (patch -p0 < ../cyrus-sasl-2.1.x-checkpw.c.patch)
- Run configure (./configure)
- Compile it (make)
- Install it (make install)
FreeBSD ports collection
- Download FreeBSD version of checkpw.c patch from download page
- Put patch files in directory /usr/ports/security/cyrus-sasl2/files

Configuration

Configuration directive can be set to the following values:

plaintext - passwords are stored in plaintext format - this is default
crypt - passwords are stored as modular crypt hashes (md5 or blowfish crypt)
crypt_trad - passwords are stored as des crypt hashes (2 character salt crypt)

If configuration directive password_format is not specified, then passwords are considered to be in a PLAINTEXT format.

Example mailserver configuration (file smtpd.conf):

pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: PLAIN LOGIN
srp_mda: md5

srvtab: /dev/null
opiekeys: /dev/null

password_format: crypt

sql_user: username
sql_passwd: password
sql_hostnames: sql.example.org
sql_database: database_name
sql_select: SELECT password FROM mailbox WHERE username = '%u' AND realm = '%r'

Download

Contact

You are free to contact me on my personal email address.