[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New to qmail-sql: store password help



Excellent. Thanks for the concise answer. 

So, the qmail-sql patch for checkpassword uses crypt by default and not
MD5?  This is fine, but I noticed in the database schema documentation
it mentions that MD5 could also be used. I'm assuming this would require
a modification of checkpassword, correct? (as well as a modified method
of encrypting the password before being stored.)

Thanks for the insight.


On Wed, 2002-01-23 at 01:56, Michael Devogelaere wrote:
> If you have Perl on your system, you could use:
>   perl -e 'print crypt (password,salt)'.
> The salt is just a string which perturbs the algorithm in a certain
> way. Only the two first characters are used. They should be in the range
> [a-zA-Z0-9./].
> If you don't have Perl installed, you could use the following program:
> /* Compile with
>  * cc     codepasswd.c   -o codepasswd -lcrypt
>  */
> #define _XOPEN_SOURCE
> #include <unistd.h>
> #include <stdio.h>
> 
> int main(int argc, char **argv) {
>   if (argc != 3) {
>     printf ("Syntax: %s password salt\n", argv[0]);
>     return 1;
>   }
>   printf ("%s\n", crypt(argv[1],argv[2]));
>   return 0;
> }
> 
> Kind regards,
> Michael Devogelaere.
> 
> On Wed, Jan 23, 2002 at 12:08:18AM -0600, sirkus wrote:
> > Greetings,
> >   I'm new to qmail-sql, so I'm asking an question that is obvious to
> > anyone who's been here a while, but I can't seem to find any tips in the
> > documentation.
> >   If I were to use qmail-sql, I would need to use qmail-popup for POP3
> > retrieval of mail for users. This requires password authentication.  The
> > qmail-sql docs state that the password needs to be stored encrypted. 
> > Obviously we're not using a system passwd utility etc.  If I use the
> > patched checkpassword (qmail-sql version) for qmail-popup
> > authentication, what's the recommended way to encrypt a user's password
> > before storing it in the passwd table?  Is there a recommended
> > tool/method?
> > 
> > Thanks.
> > 
> > 
> > 
> >