sasl2-->saslauthd-->pam-->mysql issue
Aaron Peterson
aaron at alpete.com
Tue Mar 9 05:24:02 PST 2004
> If I set pwcheck_method to auxprop and authenticate against sasldb2
> which has a single user of "ste at gaamc-lists.org" in it, along with its
> password, I can auth just fine from mozilla, where I told it my user
> name was "ste at gaamc-lists.org".
>
> However, if I change it from auxprop to saslauthd, which calls pam,
> which does a mysql lookup instead, it fails. It opens the correct
> database and table, and selects the right fields, but it asks for a
> username of "ste", instead of "ste at gaamc-lists.org", so it doesn't find
> the password, and fails.
>
> Why is it only asking for "ste", and how do I get it to ask for the
> right value?
If you have plain text passwords in your MySQL database, you don't need
PAM to look them up. SASL2 has this ability natively. In any case,
perhaps my smtpd.conf will help you in the right direction. Documentation
for SASL/SASL2 with MySQL is terrible, if you can find any at all, I've
found.
$ cat smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_hostnames: localhost
sql_user: mailuser
sql_passwd: password
sql_database: postfix
sql_select: select pass_plain from mailbox where username='%u@%r'
The "%u@%r" at the end of the select statement is probably the magic
you're looking for if you don't use PAM.
Aaron
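
Added example (not part of the original message and not Cyrus SASL code): a simplified Python model of how the %u and %r placeholders in sql_select are filled from a login of the form user@realm, run against a constructed in-memory SQLite table standing in for the MySQL mailbox table. The helper names, the LOCAL_ONLY template, the default realm and the sample row are assumptions made for illustration.

```python
import re
import sqlite3

# Template copied from the sql_select line in the smtpd.conf above.
SQL_SELECT = "select pass_plain from mailbox where username='%u@%r'"
# Hypothetical template keyed on the local part only, modelling a lookup for "ste".
LOCAL_ONLY = "select pass_plain from mailbox where username='%u'"

def split_login(login, default_realm):
    """Split 'user@realm' into (user, realm); a bare user gets default_realm."""
    user, sep, realm = login.rpartition("@")
    if not sep:  # no '@' in the login at all
        return login, default_realm
    return user, realm

def expand(template, user, realm):
    """Fill %u and %r in one pass, doubling single quotes so values stay inside the literal."""
    values = {"u": user, "r": realm}
    return re.sub(r"%([ur])", lambda m: values[m.group(1)].replace("'", "''"), template)

def lookup(db, template, login, default_realm="mail.example.invalid"):
    """Return the stored password for login, or None when no row matches."""
    user, realm = split_login(login, default_realm)
    row = db.execute(expand(template, user, realm)).fetchone()
    return row[0] if row else None

def demo_db():
    """Constructed sample data: one mailbox whose username is the full address."""
    db = sqlite3.connect(":memory:")
    db.execute("create table mailbox (username text primary key, pass_plain text)")
    db.execute("insert into mailbox values ('ste@example.org', 'constructed-secret')")
    return db

if __name__ == "__main__":
    db = demo_db()
    for template in (SQL_SELECT, LOCAL_ONLY):
        user, realm = split_login("ste@example.org", "mail.example.invalid")
        print(expand(template, user, realm), "->", lookup(db, template, "ste@example.org"))
```

Because the table stores the full address as the key, only the template that rebuilds user@realm finds the row; the local-part query returns nothing, which matches the failure described in the quoted question.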