Scalix alternative user auth

Best practice information from Scalix users relating to integration of Scalix with other products.

Moderator: ScalixSupport

xyon

Scalix alternative user auth

Postby xyon » Thu Feb 22, 2007 10:28 am

Hey everyone,

Is it possible (via pam_mysql or other means) to have Scalix POP/IMAP users authorized against a custom MySQL database? I noticed the below linked thread, and appears promising as it can be done with kerberos, or am I misunderstanding the thread?

viewtopic.php?t=2554

kanderson

Postby kanderson » Thu Feb 22, 2007 3:14 pm

I've never trie it, but Scalix uses PAM for auth, so it should be doable, yes.

xyon

Postby xyon » Thu Feb 22, 2007 7:05 pm

Excellent.. I will proceed and post back here my findings.. Thank you for the info!

xyon

Postby xyon » Mon Apr 02, 2007 5:33 pm

I've finally gotten the time to install Scalix and the install and config went great without any issues.

I am,however, having a hard time getting Scalix to auth against our custom database. Here are some snippets:

Code: Select all

# grep -v ^# /var/opt/scalix/sx/s/sys/pam.d/ual.remote

auth    sufficient  /lib/security/pam_mysql.so \
                    user_unknown=ignore \
                    user=scalix passwd=mypass \
                    host=127.0.0.1 db=staging table=users \
                    usercolumn=scalix passwdcolumn=pwd \
                    crypt=0 verbose=1
auth    required    pam_deny

account  required om_auth
password required om_auth nullok


/var/log/secure:

Code: Select all

Apr  2 17:24:45 scalix last message repeated 3 times
Apr  2 17:24:45 scalix in.imap41d: pam_mysql - SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User'
Apr  2 17:24:45 scalix in.imap41d: pam_mysql - SELECT returned no result.
Apr  2 17:24:45 scalix in.imap41d: pam_mysql - pam_mysql_check_passwd() returning 1.
Apr  2 17:24:45 scalix in.imap41d: pam_mysql - pam_sm_authenticate() returning 10.


Code: Select all

mysql> SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User';
+------+
| pwd  |
+------+
| test |
+------+
1 row in set (0.00 sec)

mysql>


As you can see running the query manually brings back results, but it appears it doesn't when run from the scalix login procedure.

xyon

Postby xyon » Mon Apr 30, 2007 4:17 pm

might there be a better place to post this question? Somewhere where the developers might take a look?

xyon

Postby xyon » Mon Apr 30, 2007 5:51 pm

with a fresh head, decided to take a closer look, and below is the config that works. Once I got a good parse strategy it wasn't the sql query causing the issues, it was the configuration of 'account' and so on. Below it requires there to exist an account in Scalix for every user, but I'm sure with some tweaking it can be strictly sql.

I hope this thread helps someone along the way. :)

Code: Select all

# Standard Scalix Authentication
#
# Comment this out if you want to use one of the alternative authentication
# schemes below.
#auth     required om_auth nullok

auth sufficient /lib/security/pam_mysql.so user=scalix passwd=mypass host=127.0.0.1 db=staging [query=SELECT username FROM users WHERE description=SUBSTR('%u', (LENGTH('%u') + 6) / 2) AND pwd=MD5("%p")]
auth sufficient om_auth
auth required pam_deny
account required om_auth
password required om_auth
session required om_auth


Return to “Third Party Integration”



Who is online

Users browsing this forum: No registered users and 0 guests