This is a discussion on Creating an account within the alt.comp.mail.qmail forums, part of the Mail Servers and Related category.

I am a bit of a beginner at this so please help and be patient.

Goal:
I want to create an account in qmail. What I want to do is ask the user for information and after some verification I want to automatically create that account for him. Now I have tracked down some things. The vpopmail database is in mysql and it holds his information related to the mail account.
    -- Side questions before I forget: The unencrypted password is there as well as an encrypted form.
        -- Is the unencrypted one necessary?
        -- How is it encrypted? It is not md5 (I use php) because the results are different.

So far:
I have tracked down the html files. They are in /var/www/cgi-bin/vqadmin/html. There appears to be a key one named add_user.html. It has in it:
<form action="/cgi-bin/vqadmin/vqadmin.cgi" method="post" name="form1" id="form1">
and then has:
<table border="0" cellspacing="2" cellpadding="2">
<tr><td class="clsLabelR">#-020</td>
<td><INPUT TYPE="TEXT" NAME="eaddr" SIZE="30" VALUE="$-UA"></td></tr>
<tr><td class="clsLabelR">#-021</td>
<td><INPUT TYPE="TEXT" NAME="cpass" SIZE="30" VALUE="$-UO"></td></tr>
<tr><td class="clsLabelR">#-039</td>
<td><INPUT TYPE="TEXT" NAME="quota" SIZE="30" VALUE="$-UQ"></td></tr>
<tr><td class="clsLabelR">#-022</td>
<td><INPUT TYPE="TEXT" NAME="fname" SIZE="30" VALUE="$-UN"></td></tr>
<tr><td class="clsLabel">#-040</td> </tr>
</table>

Assuming that this is the html file that actually gets sent to create the account, what I want to do is from a different php file send to /cgi-bin/vqadmin/vqadmin.cgi the information in a manner that it thinks it is coming from this form. I want to do that without any user interaction. So:
    -- Is this the right one?
    -- How do I do that?
    -- What are those #-020 and things?

Thanks for any help.

Shelly (Sheldon)

Shelly wrote:
> I am a bit of a beginner at this so please help and be patient.
>
> Goal:
> I want to create an account in qmail. What I want to do is ask the user
> for information and after some verification I want to automatically create
> that account for him. Now I have tracked down some things. The vpopmail
> database is in mysql and it holds his information related to the mail
> account.
>     -- Side questions before I forget: The unencrypted password is
> there as well as an encrypted form.
>         -- Is the unencrypted one necessary?
>         -- How is it encrypted? It is not md5 (I use php) because
> the results are different.
>
> So far:
> I have tracked down the html files. They are in
> /var/www/cgi-bin/vqadmin/html. There appears to be a key one named
> add_user.html. It has in it:
> <form action="/cgi-bin/vqadmin/vqadmin.cgi" method="post" name="form1"
> id="form1">
> and then has:
> <table border="0" cellspacing="2" cellpadding="2">
> <tr><td class="clsLabelR">#-020</td>
> <td><INPUT TYPE="TEXT" NAME="eaddr" SIZE="30" VALUE="$-UA"></td></tr>
> <tr><td class="clsLabelR">#-021</td>
> <td><INPUT TYPE="TEXT" NAME="cpass" SIZE="30" VALUE="$-UO"></td></tr>
> <tr><td class="clsLabelR">#-039</td>
> <td><INPUT TYPE="TEXT" NAME="quota" SIZE="30" VALUE="$-UQ"></td></tr>
> <tr><td class="clsLabelR">#-022</td>
> <td><INPUT TYPE="TEXT" NAME="fname" SIZE="30" VALUE="$-UN"></td></tr>
> <tr><td class="clsLabel">#-040</td> </tr>
> </table>
>
> Assuming that this is the html file that actually gets sent to create the
> account, what I want to do is from a different php file send to
> /cgi-bin/vqadmin/vqadmin.cgi the information in a manner that it thinks it
> is coming from this form. I want to do that without any user interaction.
> So:
>     -- Is this the right one?
>     -- How do I do that?
>     -- What are those #-020 and things?
>
> Thanks for any help.
>
> Shelly (Sheldon)

As far as the importance/necessity of the unencrypted password, the answer depends on your setup. If your mail setup has capability of smtp authentication or pop before smtp, it might be necessary for those processes to access the clear text password.

If the encrypted password is 13 characters long it is encrypted using crypt.

The password could also be encrypted using the mysql PASSWORD command.

If you are using PHP I do not see a reason why you would need to resubmit the data to a different script. Why not insert the data into a temporary location until such time as the data provided on the form has been verified or the account approved?

You of course could open a connection from within a php process and provide the requisite information to the cgi script you mentioned. I.e. post to /cgi-bin/vqadmin/vqadmin.cgi with the requisite parameters. You might have to handle authentication if that is set up to prevent anyone from accessing that form and creating users as they see fit.

AK

"AK" <aktrader2@excite.com> wrote in message news:jaWdnV6YDuCqKk7enZ2dnUVZ_sCdnZ2d@comcast.com...
> Shelly wrote:
>
>> I am a bit of a beginner at this so please help and be patient.
>>
>> Goal:
>> I want to create an account in qmail. What I want to do is ask the user
>> for information and after some verification I want to automatically
>> create that account for him. Now I have tracked down some things. The
>> vpopmail database is in mysql and it holds his information related to the
>> mail account.
>>     -- Side questions before I forget: The unencrypted password is
>> there as well as an encrypted form.
>>         -- Is the unencrypted one necessary?
>>         -- How is it encrypted? It is not md5 (I use php)
>> because the results are different.
>>
>> So far:
>> I have tracked down the html files. They are in
>> /var/www/cgi-bin/vqadmin/html. There appears to be a key one named
>> add_user.html. It has in it:
>> <form action="/cgi-bin/vqadmin/vqadmin.cgi" method="post" name="form1"
>> id="form1">
>> and then has:
>> <table border="0" cellspacing="2" cellpadding="2">
>> <tr><td class="clsLabelR">#-020</td>
>> <td><INPUT TYPE="TEXT" NAME="eaddr" SIZE="30" VALUE="$-UA"></td></tr>
>> <tr><td class="clsLabelR">#-021</td>
>> <td><INPUT TYPE="TEXT" NAME="cpass" SIZE="30" VALUE="$-UO"></td></tr>
>> <tr><td class="clsLabelR">#-039</td>
>> <td><INPUT TYPE="TEXT" NAME="quota" SIZE="30" VALUE="$-UQ"></td></tr>
>> <tr><td class="clsLabelR">#-022</td>
>> <td><INPUT TYPE="TEXT" NAME="fname" SIZE="30" VALUE="$-UN"></td></tr>
>> <tr><td class="clsLabel">#-040</td> </tr>
>> </table>
>>
>> Assuming that this is the html file that actually gets sent to create the
>> account, what I want to do is from a different php file send to
>> /cgi-bin/vqadmin/vqadmin.cgi the information in a manner that it thinks
>> it is coming from this form. I want to do that without any user
>> interaction. So:
>>     -- Is this the right one?
>>     -- How do I do that?
>>     -- What are those #-020 and things?
>>
>> Thanks for any help.
>>
>> Shelly (Sheldon)
>
>
> As far as the importance/necessity of the unencrypted password, the answer
> depends on your setup. If your mail setup has capability of smtp
> authentication or pop before smtp, it might be necessary for those
> processes to access the clear text password.
>
> If the encrypted password is 13 characters long it is encrypted using
> crypt.
>
> The password could also be encrypted using the mysql PASSWORD command.
>
> If you are using PHP I do not see a reason why you would need to resubmit
> the data to a different script. Why not insert the data into a temporary
> location until such time as the data provided on the form has been
> verified or the account approved?
>
> You of course could open a connection from within a php process and
> provide the requisite information to the cgi script you mentioned.
> I.e. post to /cgi-bin/vqadmin/vqadmin.cgi with the requisite parameters.
> You might have to handle authentication if that is set up to prevent anyone
> from accessing that form and creating users as they see fit.
>
> AK

Thank you very much for responding. I especially appreciate the crypt and PASSWORD statements and I will check those.

As far as the main problem, I decided to go another way. I will write a very small file to a directory not accessible via the web to users. That file will have the password and comment and be named with the username. Meanwhile, there will be a cron job to detect the file, read it, create the email account, and delete the file.

Shelly

> Thank you very much for responding. I especially appreciate the crypt and
> PASSWORD statements and I will check those.

I did some checking: The PASSWORD function gives rather short strings. I looked at md5 and crypt. Here is what I found:

encryption of the password in db = $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J.
crypt (the password) = $1$gekfbVo8$Un6C9IZ6Ny0Bv.KTTKQO00
md5(the password) = c097118a6d4d5bf6217c84656f571a8b
crypt(md5(the password)) = $1$ixc45jaO$CApUDBK/cdUSB.f52Hdhc.
md5(crypt(the password)) = 2abea10dff337fa1b02c2371c5e74934

Any more suggestions for what the qmail stores in the vpopmail database?

Shelly

Shelly wrote:
>> Thank you very much for responding. I especially appreciate the crypt and
>> PASSWORD statements and I will check those.
>
>
> I did some checking: The PASSWORD function gives rather short strings. I
> looked at md5 and crypt. Here is what I found:
>
> encryption of the password in db = $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J.
> crypt (the password) = $1$gekfbVo8$Un6C9IZ6Ny0Bv.KTTKQO00
> md5(the password) = c097118a6d4d5bf6217c84656f571a8b
> crypt(md5(the password)) = $1$ixc45jaO$CApUDBK/cdUSB.f52Hdhc.
> md5(crypt(the password)) = 2abea10dff337fa1b02c2371c5e74934
>
> Any more suggestions for what the qmail stores in the vpopmail database?
>
> Shelly

The format of the password in the database, $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J, appears to be an md5 digest.

Have a look at the CGI to which the user addition form is submitted to see what is going on. It might be using a specific key, hash to encrypt the password.

Ak

"AK" <aktrader2@excite.com> wrote in message news:ntKdnfMdsrY-wEjenZ2dnUVZ_tKdnZ2d@comcast.com...
> Shelly wrote:
>
>>> Thank you very much for responding. I especially appreciate the crypt
>>> and PASSWORD statements and I will check those.
>>
>>
>> I did some checking: The PASSWORD function gives rather short strings.
>> I looked at md5 and crypt. Here is what I found:
>>
>> encryption of the password in db = $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J.
>> crypt (the password) = $1$gekfbVo8$Un6C9IZ6Ny0Bv.KTTKQO00
>> md5(the password) = c097118a6d4d5bf6217c84656f571a8b
>> crypt(md5(the password)) = $1$ixc45jaO$CApUDBK/cdUSB.f52Hdhc.
>> md5(crypt(the password)) = 2abea10dff337fa1b02c2371c5e74934
>>
>> Any more suggestions for what the qmail stores in the vpopmail database?
>>
>> Shelly
>
> The format of the password in the database,
> $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J, appears to be an md5 digest.
>
> Have a look at the CGI to which the user addition form is submitted to see
> what is going on. It might be using a specific key, hash to encrypt the
> password.
>
> Ak

I don't know what you mean by look at the CGI. It is a binary file (vqadmin.cgi). Searching through it I didn't find md5, but I did find a couple of crypt. There is also a file .htaccess there that has:
    AuthType Basic
    AuthUserFile /etc/httpd/conf/vqadmin.passwd
    AuthName vQadmin
    require valid-user
    satisfy any
I looked in that file and it had:
    admin:????
where the ???? represents a string of characters and numbers that is 13 digits long. (I didn't think I should post the actual value here).

Why do you say that what is in the database looks like md5? From what I saw, the $1 stuff only seems to come up with the crypt.

There is also a vqadmin.acl file along with the .cgi file.

Shelly

Shelly wrote:
> "AK" <aktrader2@excite.com> wrote in message
> news:ntKdnfMdsrY-wEjenZ2dnUVZ_tKdnZ2d@comcast.com...
>
>> Shelly wrote:
>>
>>>> Thank you very much for responding. I especially appreciate the crypt
>>>> and PASSWORD statements and I will check those.
>>>
>>>
>>> I did some checking: The PASSWORD function gives rather short strings.
>>> I looked at md5 and crypt. Here is what I found:
>>>
>>> encryption of the password in db = $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J.
>>> crypt (the password) = $1$gekfbVo8$Un6C9IZ6Ny0Bv.KTTKQO00
>>> md5(the password) = c097118a6d4d5bf6217c84656f571a8b
>>> crypt(md5(the password)) = $1$ixc45jaO$CApUDBK/cdUSB.f52Hdhc.
>>> md5(crypt(the password)) = 2abea10dff337fa1b02c2371c5e74934
>>>
>>> Any more suggestions for what the qmail stores in the vpopmail database?
>>>
>>> Shelly
>>
>> The format of the password in the database,
>> $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J, appears to be an md5 digest.
>>
>> Have a look at the CGI to which the user addition form is submitted to see
>> what is going on. It might be using a specific key, hash to encrypt the
>> password.
>>
>> Ak
>
>
> I don't know what you mean by look at the CGI. It is a binary file
> (vqadmin.cgi). Searching through it I didn't find md5, but I did find a
> couple of crypt. There is also a file .htaccess there that has:
>     AuthType Basic
>     AuthUserFile /etc/httpd/conf/vqadmin.passwd
>     AuthName vQadmin
>     require valid-user
>     satisfy any
> I looked in that file and it had:
>     admin:???? where the ???? represents a string of characters
> and numbers that is 13 digits long. (I didn't think I should post the
> actual value here).
>
> Why do you say that what is in the database looks like md5? From what I saw,
> the $1 stuff only seems to come up with the crypt.
>
> There is also a vqadmin.acl file along with the .cgi file.
>
> Shelly

The thirteen character encrypted password in the .htaccess file is the standard unix crypt.

Run ldd on the cgi file and see what dynamic libraries if any it uses.

Do the following test: add a test user with password. Then run crypt on the plain text password. Do you get the same result? The two must match.

AK

I do not create users. I only create qmail accounts. The password ends up in the vpopmail mysql database.

When I checked what was there in that database versus a crypt(that_plain_text_password), they did not match.

encryption of the password in db = $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J.
crypt (the password) = $1$gekfbVo8$Un6C9IZ6Ny0Bv.KTTKQO00

What ends up in .htaccess is not of much use to me, since I either have to check what is in the vpopmail database, or in a separate database that I create and encode with md5.

sheldonlg@gmail.com wrote:
> I do not create users. I only create qmail accounts. The password
> ends up in the vpopmail mysql database.
>
> When I checked what was there in that database versus a
> crypt(that_plain_text_password), they did not match.
>
> encryption of the password in db = $1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J.
> crypt (the password) = $1$gekfbVo8$Un6C9IZ6Ny0Bv.KTTKQO00
>
> What ends up in .htaccess is not of much use to me, since I either have
> to check what is in the vpopmail database, or in a separate database
> that I create and encode with md5.

When you use crypt sequentially on the same password, is the result the same?

Try the crypt(md5(password)); does that match the encrypted entry in the database?

Does crypt have an option for a seed?

crypt('$1$HYbSWdJe$TpNyU4T19j2ctRKBFCw6J','password')?

AK
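
Added example (not part of the thread, and not vpopmail's or vqadmin's code): the `$1$...` strings compared above follow the MD5-crypt layout `$1$<salt>$<digest>`, so a crypt() call that picks a fresh salt yields a different string for the same password. The sketch below re-implements MD5-crypt with hashlib to show this and checks a password by re-hashing it with the salt read from the stored value; the function names and the sample hash are constructed for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password: str, salt: str) -> str:
    """MD5-crypt ("$1$") as produced by crypt(3): salted, 1000 rounds of MD5."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for i in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, i)])
    i = len(pw)
    while i:                                   # one byte per bit of the length
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):                      # key-stretching rounds
        c = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            c.update(s)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()
    groups = [(final[a] << 16 | final[b] << 8 | final[k], 4)
              for a, b, k in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    groups.append((final[11], 2))
    out = ""
    for v, n in groups:                        # crypt's own base64 alphabet
        for _ in range(n):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return f"$1${s.decode()}${out}"

def verify(password: str, stored: str) -> bool:
    """Re-hash with the salt embedded in the stored value, then compare."""
    parts = stored.split("$")                  # ['', '1', salt, digest]
    if len(parts) != 4 or parts[1] != "1":
        raise ValueError("not an MD5-crypt ($1$) hash")
    return hmac.compare_digest(md5_crypt(password, parts[2]), stored)

# Constructed sample (not from the thread): password "password", salt "xxxxxxxx".
SAMPLE = "$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a."

if __name__ == "__main__":
    print(md5_crypt("password", "xxxxxxxx") == SAMPLE)   # same salt: reproducible
    print(md5_crypt("password", "yyyyyyyy") == SAMPLE)   # new salt: differs
    print(verify("password", SAMPLE), verify("Password", SAMPLE))
```

In PHP the same check is `hash_equals($stored, crypt($password, $stored))`, because crypt() takes the password first and reads the salt from its second argument.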