$Id: README,v 1.2 1999/06/14 14:57:57 anewsome Exp $

pwcheck_mysql is an authentication module for the Cyrus IMAP server. It allows IMAP mail users to be authenticated against a MySQL database. This is nice because it allows you to have IMAP mail users without having regular UNIX accounts. There are probably many caveats to using this module, including:

o Passwords will show up in the MySQL log if you have logging on your MySQL server; this is the default. Although this module is designed to encrypt passwords as they are stored in the database, they can still be seen in plain text in the SQL logs. This is due to the fact that I am using password() in my SQL statement, a MySQL-specific function. If anyone knows how to encrypt the password before doing the "select" statement, that would be great. I think it has something to do with the scramble() function in $mysql_src/client/password.c, maybe one of you experts out there can tell me. If this security hole bothers you, you could either run your MySQL server without logging or symlink your log to /dev/null, which is what I do and it's a little more flexible for me, but of course YMMV. I also believe that the mysql.log file is chmod 600, so how big of an issue could this really be?

o Database options (host, database, user and password) are compiled in. To change them, the module needs to be recompiled. If someone knows how to hack in support for a config file, that would be great also. Although I think a config file would probably cause some security headaches as well, considering the password to connect to MySQL would have to be listed in plaintext in the config file.

o Probably a bunch of stuff I haven't thought of, but hey that's why it's open source.  I welcome any and all improvements.
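
The first caveat asks how to hash the password before the select runs. The following is an added example, not part of pwcheck_mysql.c or the author's code: it computes the PASSWORD() hash used by MySQL servers before version 4.1 inside the client, so the query only has to fetch the stored hash by user name and the plaintext never reaches the SQL log. The function names old_mysql_hash and check_password and the sample hash value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-4.1 MySQL PASSWORD() hash, computed in the client so the plaintext
   never appears in a query. Writes 16 hex digits plus NUL into out[17]. */
void old_mysql_hash(const char *password, char out[17])
{
    uint32_t nr = 1345345333UL, add = 7, nr2 = 0x12345671UL;
    for (; *password; password++) {
        if (*password == ' ' || *password == '\t')
            continue;                      /* the server skips blanks too */
        uint32_t tmp = (unsigned char)*password;
        nr  ^= (((nr & 63) + add) * tmp) + (nr << 8);
        nr2 += (nr2 << 8) ^ nr;
        add += tmp;
    }
    snprintf(out, 17, "%08lx%08lx",
             (unsigned long)(nr & 0x7fffffffUL),   /* sign bit is dropped */
             (unsigned long)(nr2 & 0x7fffffffUL));
}

/* Compare the supplied password with the hash column fetched for the user
   (by a SELECT that names only the user, never the password).
   Returns 1 on match, 0 otherwise. Every byte is examined regardless of
   where the first difference is. */
int check_password(const char *supplied, const char *stored_hash)
{
    char computed[17];
    unsigned char diff = 0;
    size_t i;

    if (stored_hash == NULL || strlen(stored_hash) != 16)
        return 0;                          /* missing row or malformed hash */
    old_mysql_hash(supplied, computed);
    for (i = 0; i < 16; i++)
        diff |= (unsigned char)(computed[i] ^ stored_hash[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample: the hash column value for the password "a". */
    const char *stored = "60671c896665c3fa";
    printf("correct: %d\n", check_password("a", stored));
    printf("wrong:   %d\n", check_password("b", stored));
    return 0;
}
```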

This module was compiled and tested on Slackware Linux using Cyrus imapd-v1.5.14 and mysql-3.22.21, although it should run on any version of Unix that both mysql and Cyrus IMAP support.

Hopefully you already have a mysql table full of users and passwords. The passwords need to be stored in a mysql encrypted form, because that's the way I like to do it. If for some reason that's not the way you like to do it, just change the select statement at the top of the file.

You should also change the defines for database, user, password, etc, at the top of the file.

To use this module:

* Copy pwcheck_mysql.c to $SRCDIR/pwcheck.

* Configure Cyrus IMAP with "./configure --with-pwcheck=mysql --with-login=unix_pwcheck"

* Edit $SRCDIR/pwcheck/Makefile and edit some lines to look something like the following:

	CPPFLAGS = -I/usr/local/include/mysql -I. -I$(srcdir) -I$(srcdir)/../lib -I$(srcdir)/../et
	LIBS = -lmysqlclient -ldb -lndbm -ldl
	LDFLAGS = -g -L/usr/local/lib/mysql

* Do a "make depend" and then a "make"

If it doesn't work for you I probably won't be able to help much, as I am not much of a C programmer. Unless it's a simple problem I probably won't be able to answer questions of why this thing won't compile on your foobar OS.

That being said, feel free to email any questions, fixes, updates or whatever to me.

Notes:
I had one heck of a time getting this thing to compile the first few tries. As it turned out, this could have probably been a whole lot easier if I had asked an experienced programmer to help me with this. All I can say is, make sure your libraries are all in order, that your LD_LIBRARY_PATH is doing what it's supposed to, etc. Like I said before, if you have trouble compiling this module, chances are I won't be able to help you unless it is a really simple problem.

Enjoy.

Aaron Newsome
aaron.d.newsome@wdc.com
