Re: synchronize sendemail / cyrus / ftp / ssh password



On Sat, 23 Jun 2007, Till Wimmer wrote:

> I'm running a server for several customers using cyrus/IMAP, sendmail,
> apache2 and ssh.
>
> I'm looking for a way to store all the passwords for them in _one_
> database so I can manage them easily by a web interface.

By artificially tying the database concept to a GUI, you may
limit your choices severely.

> My solution was to store the passwords in a MySQL table.
> Now the problem is that cyrus and sendmail use sasldb for
> authentication, but ssh uses PAM.

I use LDAP for sendmail, apache2, sasl, pam, and dovecot (instead of
cyrus).

All non-system users are defined in ldap, and can log on to any machine
that happens to be replicating the database.

> This is rather unsatisfying because libpam_mysql, libsasl2_modules_sql
> and mod_auth_mysql (apache) all have quite different approaches /
> ideologies.

Yes, even with LDAP there are a few things that make you go 'wtf?!?'

> I had to store the passwords in plaintext because of the sasl interface,
> but the new mod_auth_mysql will allow encrypted passwords only... that's
> only one of the issues.

I have slapd store the passwords in crypt format - so normal shadow
services continue to work as before.

> Maybe somebody is using a similar configuration?

I'm a small shop, but found it easier to help others if I ran my setup
closer to theirs.

--
Rick Nelson
That's the funniest thing I've ever heard and I will _not_ condone it.
-- DyerMaker, 17 March 2000 MegaPhone radio show

