Bug#731954: libsasl2-modules-sql: Support password_format: crypt for sql

Dan White dwhite at olp.net
Wed Dec 11 16:01:39 UTC 2013


On 12/11/13 07:49 -0800, alex wrote:
>Package: libsasl2-modules-sql
>Version: 2.1.25.dfsg1-6+deb7u1
>Severity: wishlist
>
>
>Dear Maintainer,
>
>Encrypting the password in an sql database for sasl2 to use has been a
>long outstanding feature that needs to be fixed. There are currently a few
>methods of resolving the issue but they involve outdated patches as well
>as installing other packages as a workaround to the solution. Fixing this
>issue could help resolve a major issue with sql databases and sasl2 and
>help promote cyrus as an imap server.
>
>The issue in question is the lack of support for the password_format:
>crypt option. As online security is ever more important this day and age,
>storing plain text passwords in a database isn't an acceptable use case.
>This functionality has been included with other libsasl2-modules-*
>packages. I honestly haven't found an answer as to why this functionality
>hasn't been included. If there is a reason, I apologize for the bug report
>but would also like an explanation so that I may document it accordingly.
>
>Thank you for your time. I look forward to answering any more questions
>you may have about this issue and/or what the current fixes look like.

>ii  libsasl2-modules  2.1.25.dfsg1-6+deb7u1

Recent versions of libsasl2 (including cyrus-sasl2 2.1.25.dfsg1-17) contain
support for pwcheck_method: auxprop-hashed, but unfortunately it is
undocumented. The source leads me to believe that the stored value should
be an md5 hash of the shared secret.

This functionality has not been implemented in all auxprop plugins
(including ldapdb), due to the fact that it is undocumented.

-- 
Dan White



More information about the Pkg-cyrus-sasl2-debian-devel mailing list