[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New to qmail-sql: store password help

Great. Now let me contribute a tiny bit. If you want that perl script to
work from a single command line, just be sure to escape the $ chars.

perl -e "print crypt ('the passwd','\$1\$')"

If the crypt implementation acts as you state (which mine does) an MD5
encrypted string is returned. It works great for me.

However, this still doesn't seem to work when using checkpassword (MD5
or not.) I installed qmail with the qmail-sql patches (and checkpassword
is patched). Just as the install instructions suggest, I created a
"virtual.org" virtual domain entry, and added an alias-user and a "test"
user.  I then used the above script to add a password to the test user.
For clarity here's the path...

1) The database contains the following:

$ echo "select login,uid,gid,home,virtual_host,password from passwd" \
     | mysql -u admin -p userdb 
login	uid	gid	home	virtual_host	password
alias	1000	1000	/home/virtual.org	virtual.org	NULL
test	1000	1000	/home/virtual.org/test	virtual.org	NULL

2) Generate password
$ perl -e 'print crypt (test,"\$1\$")'

3) Add password to user test@xxxxxxxxxxx (excuse the any wrap)
mysql> update passwd set password='$1$$whuMjZj.HMFoaTaZRRtkO0' where

4) Check qmail-popup / checkpassword 
$ /var/qmail/bin/qmail-popup virtual /bin/checkpassword pwd
+OK <14530.1011819686@virtual>
user test@xxxxxxxxxxx
pass test
-ERR authorization failed

5) Double check database to make sure password is stored correctly.
login	uid	gid	home	virtual_host	password
alias	1000	1000	/home/virtual.org	virtual.org	NULL
test	1000	1000	/home/virtual.org/test	virtual.org	$1$$whuMjZj.HMFoaTaZRRtkO0

Have I missed anything? I've started to look through the code for
checkpassword, however, I thought I'd ask before getting too much
further.  Thanks for your time.

On Wed, 2002-01-23 at 11:30, Michael Devogelaere wrote:
> Well, i have some good news for you: everything is prepared to work with 
> MD5:
> - qmail-sql doesn't care about passwords at all.
> - checkpassword supports it depending on your crypt()-implementation
> - even my little 'codepasswd' supports it, also depending on your 
> crypt()-implementation.
> The magic is in the salt: standard crypt() only uses the two first 
> characters to generate
> a 13 characters password. The first chars of that password are exactly 
> the first characters
> of the salt. The crypt() used in glibc generates a MD5-password if the 
> salt starts with '$1$'.
> Thus you can generate a MD5-password with
>   ./codepass 'brol' '$1$a'
> Note that crypt() now uses the other characters in the salt too. I have 
> no idea about other
> crypt()-implementations, but i would suspect they work in the same way.
> I don't know how to get it done with perl from the command-line 
> (however, i'd love to learn
> how), but it works from a script:
> #!/usr/bin/perl
> print crypt (brol,'$1$ab')
> Kind regards,
> Michael Devogelaere.