Sunday, October 21, 2007

Solaris 10 package for pam_mysql

There are many choices for authentication in the UNIX operating system, and PAM (Pluggable Authentication Modules) gives a flexible and powerful interface to many of them.

Over at http://pam-mysql.sourceforge.net you can download source for a PAM module that allows authentication against MySQL - very handy. At 360is we have a managed email solution that permits virtual domain information to be stored in a MySQL database, and pam-mysql provides a nice method to authenticate IMAP and SMTP sessions against this database.

Faced with rolling this out to many Solaris systems we decided to compile pam-mysql and produce a Sun package of it - you can download it from here. We've only built this on Solaris 10 for i386 so far, but if demand for a Sparc version arises, we can probably build it too.

It's compiled with Sun Studio 11, complete with optimisations, and is linked against MySQL5 from Blastwave. You'll need a couple of packages from Blastwave to satisfy the dependencies (noted in the package) - CSWmysql5rt [mysql5rt] and CSWosslrt [openssl_rt].

A typical usage would be to have Cyrus SASLauthd authenticating against pam. Here's a quick example pam.conf entry for smtp:


smtp auth sufficient pam_mysql.so user=[SQLUSER] passwd=[SQLPASSWD] host=/tmp/mysql.sock db=[SQLDATABASE] table=[SQLTABLE] usercolumn=[SQLFIELD] passwdcolumn=[SQLFIELD] crypt=1 sqllog=0
smtp auth required pam_mysql.so user=[SQLUSER] passwd=[SQLPASSWD] host=/tmp/mysql.sock db=[SQLDATABASE] table=[SQLTABLE] usercolumn=[SQLFIELD] passwdcolumn=[SQLFIELD] crypt=1 sqllog=0
smtp account sufficient pam_mysql.so user=[SQLUSER] passwd=[SQLPASSWD] host=/tmp/mysql.sock db=[SQLDATABASE] table=[SQLTABLE] usercolumn=[SQLFIELD] passwdcolumn=[SQLFIELD] crypt=1 sqllog=0


...replace all the [] with your correct information.

No comments: