[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New to qmail-sql: store password help



It's perhaps a stupid question, but did you also create /home/virtual.org/test
with the correct ownerships and permissions ? I've tried the setup you 
described and it didn't work until i created the homedir (quite logical
since we want to run 'pwd'). Do you see anything in the logs ? 
In my case it logged: 
'checkpassword: Authentication failed: troubles accessing homedir'
If nothing appears in the maillog, you should turn on logging in mysql and
look for the exact query (if any). Just to make sure your 'sqlserver' file
is set up correctly and readable and on the just location and ...

Kind regards,
Michael Devogelaere.

On Wed, Jan 23, 2002 at 03:38:57PM -0600, sirkus wrote:
> Great. Now let me contribute a tiny bit. If you want that perl script to
> work from a single command line, just be sure to escape the $ chars.
> Example:
> 
> perl -e "print crypt ('the passwd','\$1\$')"
> 
> If the crypt implementation acts as you state (which mine does) an MD5
> encrypted string is returned. It works great for me.
> 
> However, this still doesn't seem to work when using checkpassword (MD5
> or not.) I installed qmail with the qmail-sql patches (and checkpassword
> is patched). Just as the install instructions suggest, I created a
> "virtual.org" virtual domain entry, and added an alias-user and a "test"
> user.  I then used the above script to add a password to the test user.
> For clarity here's the path...
> 
> 1) The database contains the following:
> 
> $ echo "select login,uid,gid,home,virtual_host,password from passwd" \
>      | mysql -u admin -p userdb 
> login	uid	gid	home	virtual_host	password
> alias	1000	1000	/home/virtual.org	virtual.org	NULL
> test	1000	1000	/home/virtual.org/test	virtual.org	NULL
> 
> 2) Generate password
> $ perl -e 'print crypt (test,"\$1\$")'
> $1$$whuMjZj.HMFoaTaZRRtkO0
> 
> 3) Add password to user test@xxxxxxxxxxx (excuse the any wrap)
> mysql> update passwd set password='$1$$whuMjZj.HMFoaTaZRRtkO0' where
> login='test';
> 
> 4) Check qmail-popup / checkpassword 
> $ /var/qmail/bin/qmail-popup virtual /bin/checkpassword pwd
> +OK <14530.1011819686@virtual>
> user test@xxxxxxxxxxx
> +OK 
> pass test
> -ERR authorization failed
> 
> 5) Double check database to make sure password is stored correctly.
> login	uid	gid	home	virtual_host	password
> alias	1000	1000	/home/virtual.org	virtual.org	NULL
> test	1000	1000	/home/virtual.org/test	virtual.org	$1$$whuMjZj.HMFoaTaZRRtkO0
> 
> 
> Have I missed anything? I've started to look through the code for
> checkpassword, however, I thought I'd ask before getting too much
> further.  Thanks for your time.
> 
> 
> On Wed, 2002-01-23 at 11:30, Michael Devogelaere wrote:
> > Well, i have some good news for you: everything is prepared to work with 
> > MD5:
> > - qmail-sql doesn't care about passwords at all.
> > - checkpassword supports it depending on your crypt()-implementation
> > - even my little 'codepasswd' supports it, also depending on your 
> > crypt()-implementation.
> > The magic is in the salt: standard crypt() only uses the two first 
> > characters to generate
> > a 13 characters password. The first chars of that password are exactly 
> > the first characters
> > of the salt. The crypt() used in glibc generates a MD5-password if the 
> > salt starts with '$1$'.
> > Thus you can generate a MD5-password with
> >   ./codepass 'brol' '$1$a'
> > Note that crypt() now uses the other characters in the salt too. I have 
> > no idea about other
> > crypt()-implementations, but i would suspect they work in the same way.
> > I don't know how to get it done with perl from the command-line 
> > (however, i'd love to learn
> > how), but it works from a script:
> > 
> > #!/usr/bin/perl
> > print crypt (brol,'$1$ab')
> > 
> > 
> > Kind regards,
> > Michael Devogelaere.
> 
> 
>