Re: [courier-users] Can't log in via courier-pop3

--===============2009576483==
Content-Type: multipart/signed; boundary="nextPart1796890.AOkidptETf";
protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart1796890.AOkidptETf
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi.

Am Samstag, 31. M=E4rz 2007 schrieb James Homuth:
> >This seems to be hexadecimal encoded (did you use PASSWORD() from a
> >rather old
> >mysql version?).
> mysql 5.0 over here.

Uh?
Which hasing function is this?

MySQL5 normally generates somthing like this for password:

mysql> select PASSWORD('foo');
+-------------------------------------------+
| PASSWORD('foo') |
+-------------------------------------------+
| *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+-------------------------------------------+

But this is out of scope now. ;-)


> >You should use Salted-MD5 as used by the UNIX-Shadow-Passwords (looking
> > like $1$foobar$...).
> Will that mesh with the cryptpw field in authmysqlrc or will I have
> to switch to clearpw?

No! cryptpw is just fine.

clearpw is ONLY needed when you have to provide CRAM authentication methods=
=2E=20
in that case, it must really hold the CLEAR password. That's why one doesn'=
t=20
want his provider to offer CRAM. ;-)


> >One way to get them is to use "userdbpw -md5" on the command line.
> I'm trying to eliminate the need for system accounts just for
> checking mail, because I'm the only person who's actually going to
> *need* a system account.

Wait...

Your users should not have access to the MySQL-database directly, I think. =
So=20
there must be any frontend for them or for you to create accounts.

This frontend has to be changed to use the correkt hashing.

No need for shell accounts to users!


> If I was creating my own solution for it, that's definitely what I'd
> do, now that I'm aware mysql's encription's pretty much useless here.

I did NOT test it, but MySQL's ENCRYPT() gives me this:

mysql> select ENCRYPT('foo');
+----------------+
| ENCRYPT('foo') |
+----------------+
| wJrLk2nXxP1XE |
+----------------+

This looks like the unix-crypt() that is also understood by courier. For=20
testing purposes, this may be enough.

=46or production use, I would recommand switching to MD5.


> There's my problem. I created the user here just for testing's sake
> using phpmyadmin. Again, this was when I was thinking mysql's
> encription functions would actually accomplish something. Looking for
> alternatives I go.

=46or testing purposes, you can use "userdbpw -md5" to create a password ha=
sh=20
and put this as a regular string in your database.

cu, Bernd

=2D-=20
Es vergeht kein Tag an dem ich nicht alles wieder infrage stelle.
- Andr=E9 Gide (frz. Schriftsteller)

--nextPart1796890.AOkidptETf
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUARg5zZA0b18vi86Q/AQKVPBAA0NvbM6iifB/ciHZRrnXEZrc6nw1nOQkD
Qc6HCWgkugvpFlbRQDEK4hD135zIeVYaBLittGf0WybZsKaHYO DDd2HvETdkJCSv
MMBuBTvDaHVgli3fvRHWovke2HURLy3evdCnHFLgMD8H/YVS6dSWT10g8Pk21ltk
DMEKOYIWtRU4QOVsKWUMhMQrM2Mk8O+UqB6g8arLjqpk385/q9XZS3DKloOk0qfF
kxJSY+iaf3d0WPBToyq6WqqxUhfB48Bz6sq6h6yrGrOcnqbNzP ydBGuuvpF9323N
U68gpj8bjU2nkuKfPI031GyXtHgWtVN75DedHZxKiv4BNEptew HdyXX7z9JOJUsS
27b+h35+odzZETDpZFGuHH9UESQWGoi2BGwtaBJidR0Dpjsy97 77VlNArkU4NgY0
EPnf6N5eWxwYErDKg0Xz7RJoAvTczq5ieJDTBmk1kA5/ZxiXQhGCMl5oRd/CBbQ0
WDTMHW/nJHxuefxGVstMHo9CeooTUGDNNhOazraKq1bYbsii9y+VaHLRq aO/Qdy+
+FmEffHayNMNfmF/KjOuwu6uG4yvsISTm+OkE8bpfjqyZQY/y3bwSIKouJzFENwF
wTmWLX5dHFoDVUGBuMr6U2fo8vi8CaAxudmx8/zbd+DPc2Y8FVsUWXbVY06J6Fas
g/YZDNze/9Y=
=o++k
-----END PGP SIGNATURE-----

--nextPart1796890.AOkidptETf--


--===============2009576483==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?p...rge&CID=DEVDEV
--===============2009576483==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users

--===============2009576483==--