Scalix alternative user auth
Posted: Thu Feb 22, 2007 10:28 am
by xyon
Hey everyone,
Is it possible (via pam_mysql or other means) to have Scalix POP/IMAP users authorized against a custom MySQL database? I noticed the thread linked below, and it appears promising, as it can be done with Kerberos, or am I misunderstanding the thread?
viewtopic.php?t=2554
Posted: Thu Feb 22, 2007 3:14 pm
by kanderson
I've never tried it, but Scalix uses PAM for auth, so it should be doable, yes.
Posted: Thu Feb 22, 2007 7:05 pm
by xyon
Excellent.. I will proceed and post back here my findings.. Thank you for the info!
Posted: Mon Apr 02, 2007 5:33 pm
by xyon
I've finally gotten the time to install Scalix and the install and config went great without any issues.
I am, however, having a hard time getting Scalix to auth against our custom database. Here are some snippets:
Code:
# grep -v ^# /var/opt/scalix/sx/s/sys/pam.d/ual.remote
auth sufficient /lib/security/pam_mysql.so \
user_unknown=ignore \
user=scalix passwd=mypass \
host=127.0.0.1 db=staging table=users \
usercolumn=scalix passwdcolumn=pwd \
crypt=0 verbose=1
auth required pam_deny
account required om_auth
password required om_auth nullok
/var/log/secure:
Code:
Apr 2 17:24:45 scalix last message repeated 3 times
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User'
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - SELECT returned no result.
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - pam_mysql_check_passwd() returning 1.
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - pam_sm_authenticate() returning 10.
Code:
mysql> SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User';
+------+
| pwd |
+------+
| test |
+------+
1 row in set (0.00 sec)
mysql>
As you can see, running the query manually brings back results, but it appears it doesn't when run from the Scalix login procedure.
Posted: Mon Apr 30, 2007 4:17 pm
by xyon
Might there be a better place to post this question? Somewhere where the developers might take a look?
Posted: Mon Apr 30, 2007 5:51 pm
by xyon
With a fresh head, I decided to take a closer look, and below is the config that works. Once I got a good parse strategy, it wasn't the SQL query causing the issues; it was the configuration of 'account' and so on. Below it requires there to exist an account in Scalix for every user, but I'm sure with some tweaking it can be strictly SQL.
I hope this thread helps someone along the way. :)
Code:
# Standard Scalix Authentication
#
# Comment this out if you want to use one of the alternative authentication
# schemes below.
#auth required om_auth nullok
auth sufficient /lib/security/pam_mysql.so user=scalix passwd=mypass host=127.0.0.1 db=staging [query=SELECT username FROM users WHERE description=SUBSTR('%u', (LENGTH('%u') + 6) / 2) AND pwd=MD5("%p")]
auth sufficient om_auth
auth required pam_deny
account required om_auth
password required om_auth
session required om_auth
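
How the auth lines of the working config above are evaluated, as an added example that is not part of the original thread or of Scalix. It assumes standard Linux-PAM control-flag semantics (required, requisite, sufficient), and the module results are inputs to the model rather than calls to real modules.

```python
# Added example: models Linux-PAM control-flag evaluation for one module type.
# Module results are supplied by the caller; no real PAM module is invoked.

def parse_stack(text, mod_type="auth"):
    """Return [(control, module)] for mod_type, skipping commented-out lines."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != mod_type:
            continue
        name = fields[2].rsplit("/", 1)[-1]
        stack.append((fields[1], name[:-3] if name.endswith(".so") else name))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (success) or False (failure)."""
    failed = succeeded = False
    for control, module in stack:
        ok = outcomes[module]
        if control == "sufficient":
            if ok and not failed:
                return True       # stack stops; later modules never run
        elif control == "requisite" and not ok:
            return False          # fail immediately
        elif control in ("required", "requisite"):
            succeeded, failed = succeeded or ok, failed or not ok
        # "optional" results are ignored in this simplified model
    return succeeded and not failed

# auth-relevant lines of the working config above, module arguments omitted
WORKING = """\
#auth required om_auth nullok
auth sufficient /lib/security/pam_mysql.so
auth sufficient om_auth
auth required pam_deny
account required om_auth
"""

def decisions(text):
    """Auth verdict for each (pam_mysql, om_auth) result; pam_deny always fails."""
    stack = parse_stack(text)
    return {(m, o): evaluate(stack, {"pam_mysql": m, "om_auth": o, "pam_deny": False})
            for m in (True, False) for o in (True, False)}

if __name__ == "__main__":
    for (m, o), granted in decisions(WORKING).items():
        print(f"pam_mysql ok={m}, om_auth ok={o}: {'granted' if granted else 'denied'}")
```

Because `om_auth` is also `sufficient`, a login that fails the MySQL check is still granted when the Scalix-native check succeeds, so both credential stores have to be managed as valid login paths.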