# migrating from pam_mysql/sasl to sasl auxprop w/ crypt passw

## msalerno

I am trying to get sasl to work with encrypted passwords stored in a mysql database for postfix. I currently have this working with pam_mysql, but I should be able to do this with just sasl since it has all of the necessary patches.  I have read through the forums and found a few other people with this problem, but nobody has been able to post a solution, it usually just magically works.  I can authenticate using Plain text passwords, but if I use crypt or md5 to encrypt the passwords in the databse, it doesn't work.

Here are my configs:

```
[ebuild R ] dev-libs/cyrus-sasl-2.1.20  -authdaemond +berkdb -debug +gdbm* -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB
```

I have also tried compiling sasl with specifying the use flags from another post I read on these forums for the hell of it:

```
USE="-authdaemond berkdb crypt -debug -gdbm -java -kerberos -ldap mysql -ntlm_unsupported_patch pam -postgres -sample -srp ssl -static -urandom" emerge cyrus-sasl
```

Here are my use flags from my make.conf:

```
USE="bash-completion berkdb bzlib caps ftp hardened hardenedphp mmx sse crypt fbcon ncurses pam perl spell ssl zlib szip x86 maildir imap apache2 curl mysql innodb xml gd gd-external sasl postfix -cups -gnome -X -gtk -kde -qt"
```

/etc/sasl2/smtpd.conf:

Taken from: http://wispdirect.com/docs/sasl-howto.html

```
pwcheck_method: auxprop

auxprop_plugin: sql

allowanonymouslogin: no

allowplaintext: yes

mech_list: PLAIN LOGIN

srp_mda: md5

srvtab: /dev/null

opiekeys: /dev/null

password_format: crypt

sql_user: dbmail

sql_passwd: mypassword

sql_hostnames: localhost

sql_database: dbmail

sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

log_level: 10
```

/etc/conf.d/saslauthd:

```

SASLAUTHD_OPTS=""

SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
```

And last but not least, the output in my logs:

```
[postfix/smtpd] > unknown[192.168.10.252]: 250 8BITMIME

[postfix/smtpd] watchdog_pat: 0x80074470

[postfix/smtpd] < unknown[192.168.10.252]: AUTH LOGIN

[postfix/smtpd] smtpd_sasl_authenticate: sasl_method LOGIN

[postfix/smtpd] smtpd_sasl_authenticate: uncoded challenge: Username:

[postfix/smtpd] > unknown[192.168.10.252]: 334 CHANGEDBYME

[postfix/smtpd] < unknown[192.168.10.252]: CHANGEDBYMECHANGEDBYMECHANGEDBYME=

[postfix/smtpd] smtpd_sasl_authenticate: decoded response: test@foo.bar

[postfix/smtpd] smtpd_sasl_authenticate: uncoded challenge: Password:

[postfix/smtpd] > unknown[192.168.10.252]: 334 CHANGEDBYME

[postfix/smtpd] < unknown[192.168.10.252]: CHANGEDBYME

[postfix/smtpd] smtpd_sasl_authenticate: decoded response: CHANGEDBYME

[postfix/smtpd] warning: unknown[192.168.10.252]: SASL LOGIN authentication failed

[postfix/smtpd] > unknown[192.168.10.252]: 535 Error: authentication failed

[postfix/smtpd] watchdog_pat: 0x80074470

[postfix/smtpd] smtp_get: EOF

[postfix/smtpd] lost connection after AUTH from unknown[192.168.10.252]

[postfix/smtpd] disconnect from unknown[192.168.10.252]

[postfix/smtpd] master_notify: status 1

[postfix/smtpd] connection closed
```

Anyone?

----------

## msalerno

BUMP!

----------

## langthang

You have:

```
[ebuild R ] dev-libs/cyrus-sasl-2.1.20  -authdaemond +berkdb -debug +gdbm* -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB
```

You need:

```
[ebuild   R   ] dev-libs/cyrus-sasl-2.1.20-r2  -authdaemond +berkdb +crypt -debug -gdbm +java* -kerberos -ldap +mysql -ntlm_unsupported_patch +pam -postgres -sample -srp +ssl -static -urandom
```

for crypt password

----------

## msalerno

I noticed that it was missing from my output.  I have crypt in my use flags, but it does not show up when I do an emerge -pv?

Even when I do a:

# USE="-authdaemond berkdb crypt -debug -gdbm -java -kerberos -ldap mysql -ntlm_unsupported_patch pam -postgres -sample -srp ssl -static -urandom" emerge cyrus-sasl -pv

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] dev-libs/cyrus-sasl-2.1.20  -authdaemond +berkdb -debug -gdbm -java -kerberos -ldap +mysql +pam -postgres +ssl -static 0 kB

----------

## hanj

Hello

Your version is different...

 *Quote:*   

> [ebuild R ] dev-libs/cyrus-sasl-2.1.20

 

The version you'll need is dev-libs/cyrus-sasl-2.1.20-r2 which supports crypt. Try adding this to /etc/portage/package.keywords

```
dev-libs/cyrus-sasl     ~x86
```

and re-emerge again.

hanji

----------

## langthang

ok, let me rephrase. You need dev-libs/cyrus-sasl-2.1.20-r2  which is ~arch. It looks like you are on "stable" profile. You need to:

```
touch /etc/portage/package.keywords; echo "=dev-libs/cyrus-sasl-2.1.20-r2" >> /etc/portage/package.keywords
```

assumed you are on x86 arch. Or wait until cyrus-sasl-2.1.20-r2 goes "stable"

----------

## msalerno

WOW!  Thanks for all of the help guys!

All I had to do was:

ACCEPT_KEYWORDS="~x86" emerge -v cyrus-sasl

restarted the sasl daemon, and everything worked before I could even tail the logs.

I can finally close this project.  This is the one thing that has been holding me up.

Once again, thanks.

----------

