Author: Pat Lashley Date: To: Mason, Chris, CND Tech Dev, VF UK, exim-users Subject: Re: [Exim] SMTP Authentication: Migrating from /etc/passwd to MySQL
DB
Hi Chris,
--On Friday, October 10, 2003 09:53:30 +0100 "Mason, Chris, CND Tech Dev,
VF UK" <Chris.Mason@???> wrote:
> The users all use SMTP Authentication to send email through the box and
> their usernames are now stored in this MySQL database. Is there anyway to
> migrate their password from the /etc/passwd file into my MySQL user
> database so they do not need to go through and change their password for
> it to work. As you can image, making 100 users reset their password is
> going to be a bit annoying and some of them might find this difficault as
> it was all set up manually to start with.
If you're willing to go ahead and upgrade to Exim 4 first, you should
be able to do something similar to what I did to move from sasldb v1
(hashed per-method passwords) to sasldb v2 (shared cleartext passwords).
[ You might be able to do something similar with Exim 3 by putting the
transition code into a custom pwcheck daemon.]
Search the mailing list archives for a message from me with the Subject
'CRAM-MD5 with sasldb2' for the details.
Basicly, what you would do is to set up a PLAIN authenticator which
uses a perl script in the server_condition. The perl script should
first try to look up the password in the MySQL database. If it finds
one, it should use it for the comparison and fail if it doesn't match.
If it doesn't fine one, then it should crypt() the plaintext password
provided by the client and match against the value from /etc/passwd.
If that succeeds; then before returning success, it should store the
unencrypted password given by the client into the MySQL database for
future reference. (I suggest storing the password as cleartext in
the db to make it easier to use with CRAM-MD5; and hopefully eventually
DIGEST-MD5 authenticators.)
Using that technique; each user's password should be automattically
moved into the MySQL db the first time they send a message. After
a suitable transition period; you can remove the perl script and switch
to just the MySQL lookup.