
Re: New to qmail-sql: store password help



sirkus wrote:

Excellent. Thanks for the concise answer.
So, the qmail-sql patch for checkpassword uses crypt by default and not
MD5?  This is fine, but I noticed in the database schema documentation
it mentions that MD5 could also be used. I'm assuming this would require
a modification of checkpassword, correct? (as well as a modified method
of encrypting the password before being stored.)

Well, I have some good news for you: everything is prepared to work with MD5:
- qmail-sql doesn't care about passwords at all.
- checkpassword supports it depending on your crypt()-implementation
- even my little 'codepasswd' supports it, also depending on your crypt()-implementation.
The magic is in the salt: standard crypt() only uses the first two characters to generate a 13-character password. The first chars of that password are exactly the first characters of the salt. The crypt() used in glibc generates an MD5-password if the salt starts with '$1$'.
Thus you can generate an MD5-password with
 ./codepass 'brol' '$1$a'
Note that crypt() now uses the other characters in the salt too. I have no idea about other
crypt()-implementations, but I would suspect they work in the same way.
I don't know how to get it done with perl from the command-line (however, I'd love to learn
how), but it works from a script:

#!/usr/bin/perl
# Hash the password 'brol'; the '$1$' salt prefix selects MD5 in glibc's crypt()
print crypt('brol', '$1$ab'), "\n";


Kind regards,
Michael Devogelaere.



Thanks for the insight.


On Wed, 2002-01-23 at 01:56, Michael Devogelaere wrote:

If you have Perl on your system, you could use:
 perl -e 'print crypt (password,salt)'.
The salt is just a string which perturbs the algorithm in a certain
way. Only the first two characters are used. They should be in the range
[a-zA-Z0-9./].
If you don't have Perl installed, you could use the following program:
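/* Compile with
 * cc     codepasswd.c   -o codepasswd -lcrypt
 */
#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>

/* Print crypt(password, salt) on stdout. */
int main(int argc, char **argv) {
 char *hash;

 if (argc != 3) {
   fprintf (stderr, "Syntax: %s password salt\n", argv[0]);
   return 1;
 }
 /* crypt() returns NULL on failure, so check before printing */
 hash = crypt(argv[1], argv[2]);
 if (hash == NULL) {
   perror ("crypt");
   return 1;
 }
 printf ("%s\n", hash);
 return 0;
}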

Kind regards,
Michael Devogelaere.

On Wed, Jan 23, 2002 at 12:08:18AM -0600, sirkus wrote:

Greetings,
 I'm new to qmail-sql, so I'm asking a question that is obvious to
anyone who's been here a while, but I can't seem to find any tips in the
documentation.
 If I were to use qmail-sql, I would need to use qmail-popup for POP3
retrieval of mail for users. This requires password authentication.  The
qmail-sql docs state that the password needs to be stored encrypted. Obviously we're not using a system passwd utility etc. If I use the
patched checkpassword (qmail-sql version) for qmail-popup
authentication, what's the recommended way to encrypt a user's password
before storing it in the passwd table?  Is there a recommended
tool/method?

Thanks.
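
The salt behaviour described in the thread above (a 13-character traditional crypt string whose first two characters are the salt, and glibc's '$1$' prefix selecting MD5), as an added example that is not part of the original messages: a C routine that classifies a stored password value by scheme and extracts the salt part to hand back to crypt(). The function names and the sample rows are constructed for illustration; the 8-character salt limit and 22-character hash length are those of glibc's MD5 format.

```c
#include <stdio.h>
#include <string.h>

enum scheme { SCHEME_INVALID, SCHEME_DES, SCHEME_MD5 };

/* True when s[0..n) uses only the crypt alphabet [a-zA-Z0-9./]. */
static int in_alphabet(const char *s, size_t n) {
    static const char abc[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\0' || strchr(abc, s[i]) == NULL) return 0;
    return 1;
}

/* Classify a stored crypt() string and copy the salt part ("setting") that
 * a verifier would hand back to crypt(). Returns SCHEME_INVALID otherwise. */
enum scheme classify(const char *stored, char *setting, size_t cap) {
    if (strncmp(stored, "$1$", 3) == 0) {
        /* glibc MD5 form: "$1$" + up to 8 salt chars + "$" + 22 hash chars */
        const char *salt = stored + 3, *end = strchr(salt, '$');
        size_t slen = end ? (size_t)(end - salt) : 0;
        if (!end || slen > 8 || !in_alphabet(salt, slen)) return SCHEME_INVALID;
        if (strlen(end + 1) != 22 || !in_alphabet(end + 1, 22)) return SCHEME_INVALID;
        if (cap < slen + 4) return SCHEME_INVALID;
        memcpy(setting, stored, slen + 3);
        setting[slen + 3] = '\0';
        return SCHEME_MD5;
    }
    /* Traditional form: 13 characters, the first two are the salt. */
    if (strlen(stored) == 13 && in_alphabet(stored, 13) && cap >= 3) {
        memcpy(setting, stored, 2);
        setting[2] = '\0';
        return SCHEME_DES;
    }
    return SCHEME_INVALID;
}

int main(void) {
    /* Constructed sample column values, not real crypt() output. */
    const char *rows[] = { "ab0123456789A", "$1$ab$0123456789ABCDEFGHIJKL",
                           "brol", "$1$ab$tooshort" };
    static const char *names[] = { "invalid", "DES crypt", "MD5 crypt" };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        char setting[16] = "";
        enum scheme s = classify(rows[i], setting, sizeof setting);
        printf("%-30s %-10s setting=%s\n", rows[i], names[s], setting);
    }
    return 0;
}
```

Rows reported as invalid are the ones to look at first: a value that matches neither form is either plaintext or a format this crypt() check would never accept.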