Re: [tpop3d-discuss] MySQL Authentication

[Chris Elsworth]

On Sat, Jun 23, 2001 at 07:05:00PM +0100, Chris Lightfoot wrote:

> > That's what I've put into auth_mysql.c :
> > 
> > char user_pass_query_template[] =
> > "SELECT 
> > pop3_mbox.UserName,pop3_mbox.Password,pop3_mbox.MailPath,domain.UserID "
> >   "FROM pop3_mbox,domain "
> >  "WHERE pop3_mbox.UserName = '%s' "
> >    "AND domain.DomainName = '%s' "
> >    "AND pop3_mbox.DomainID = domain.pop3_pwID";
> > 
> > (same for APOP, even though I'm not currently using it)
> 
> Errm. Have you altered the code which gets those values
> out of the row returned by MySQL? If not, they will be
> coming out in the wrong order. auth_mysql.c gets them in
> the order:

Yeah, slight hiccup on my part that, I was originally getting them in the 
wrong order, and halfway through writing the mail noticed that, and fixed 
the order. Just didn't rewrite the mail properly, doh. That didn't fix 
it, however.

> -- if you reorder things to look like
> 
> SELECT pop3_mbox.MailPath, pop3_mbox.UserName,
>        pop3_mbox.Password, domain.UserID
>     [...]

Yep, that's how it is now.. Shame I have to edit the source though - do 
you have any plans to make it a #define or something, and have it set from 
configure, or perhaps the config? It would make upgrading easier for 
people who like me, have to edit it - and I'm sure that means almost 
everyone not using the vmail-sql package.

> it should work (assuming that address@hidden's mailspool
> is in MailPath/fred).
> 
> > But alas, I get:
> > 
> > auth_mysql_new_user_pass: address@hidden failed login with wrong 
> > passwordauth_
> > 
> > Am I doing the right thing, returning the right information?
> 
> Not quite, unless you've modified the authentication stuff
> separately. To use crypt_md5 as you appear to be doing,
> you need to insert {crypt_md5} before the password, like
> 
>     '{crypt_md5}$1$lJ$EN6ExaPgfp1d.T9w59/S4/'

That worked. Is this documented anywhere except in the source? I couldn't 
find it.

> If you don't want to put {crypt_md5} in, you can make that
> password format the default, by altering lines 483--508 of
> auth_mysql.c

More source hackery - any chance of a auth_mysql_crypt_type option? :)

Thanks for your help, it all works now :)

-- 
Chris Elsworth  -  Software & Systems Developer  /  Systems Administrator 
girls = time x money (and time is money)         .       address@hidden
      = money^2 (money is root of all evil)     . .    tel: 020 8371 1041 
      = _/(evil^2) = evil                   t h u s    mob: 07968 324 693