Re: [courier-users] Can't log in via courier-pop3
This is a discussion on Re: [courier-users] Can't log in via courier-pop3 within the Courier-Imap forums, part of the Mail Servers and Related category; At 12:06 PM 3/31/2007, you wrote: >At 10:42 AM 3/31/2007, you wrote: > &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-31-2007
|
|||
|
|||
Re: [courier-users] Can't log in via courier-pop3
At 12:06 PM 3/31/2007, you wrote:
>At 10:42 AM 3/31/2007, you wrote: > >Hi. > > > >Am Samstag, 31. M=E4rz 2007 schrieb James Homuth: > > > >This seems to be hexadecimal encoded (did you use PASSWORD() from a > > > >rather old > > > >mysql version?). > > > mysql 5.0 over here. > > > >Uh? > >Which hasing function is this? > > > >MySQL5 normally generates somthing like this for password: > > > >mysql> select PASSWORD('foo'); > >+-------------------------------------------+ > >| PASSWORD('foo') | > >+-------------------------------------------+ > >| *F3A2A51A9B0F2BE2468926B4132313728C250DBF | > >+-------------------------------------------+ > >Well, on this system, mysql's password function >generates 67fada7e716dd205. At least, when I do >it through phpmyadmin. Like I said I hadn't gone >too deep into configuring this that and the other >piece of software yet, since I'm just trying to >make courier work on its own before I go throwing >more into it that could potentially break. > > >But this is out of scope now. ;-) > > > > > > > >You should use Salted-MD5 as used by the UNIX-Shadow-Passwords (look= ing > > > > like $1$foobar$...). >Well, userdbpw and mysql's md5 function disagree, >so userdbpw's interpretation of it it is. > > >Wait... > > > >Your users should not have access to the MySQL-database directly, I thin= k. > >They don't. And after I make sure nothing else is >going to fall over, I don't intend to either. > > >So there must be any frontend for them or for you to create accounts. >Right now, I create accounts either by hand or >through phpmyadmin. Because there's only one >account on the server right now, and it's a test >user, so if I horribly break something, I don't >lose anything. And, I might actually learn something from it. > > >This frontend has to be changed to use the correkt hashing. >I agree, and once I get courier working, I'll go finding one. > > >No need for shell accounts to users! > > > >Ah, we've both gone and misunderstood one > >another. I'd originally thought the userdbpw > >command relied on system accounts. Meaning, when > >you were talking about the unix shadow > >passwords, I thought they were updated by that > >program. Which would have defeated the purpose of going the mysql route. > > > > If I was creating my own solution for it, that's definitely what I'd > > > do, now that I'm aware mysql's encription's pretty much useless here. > > > >I did NOT test it, but MySQL's ENCRYPT() gives me this: > > > >mysql> select ENCRYPT('foo'); > >+----------------+ > >| ENCRYPT('foo') | > >+----------------+ > >| wJrLk2nXxP1XE | > >+----------------+ > > > >This looks like the unix-crypt() that is also understood by courier. For > >testing purposes, this may be enough. >My use of the encript function gave me what you >saw in the query snip of earlier. Granted I >didn't do it by hand, but rather through >phpmyadmin, but if it's using the exact same >functions I don't see what'd change. > > >For production use, I would recommand switching to MD5. >And I plan to, now that I know where the problem is. > > > > There's my problem. I created the user here just for testing's sake > > > using phpmyadmin. Again, this was when I was thinking mysql's > > > encription functions would actually accomplish something. Looking for > > > alternatives I go. > > > >For testing purposes, you can use "userdbpw -md5" to create a password h= ash > >and put this as a regular string in your database. > >I think I'll do that. At least for the moment, >I'll only have to create about 2 acounts to start >off with when I actually take this to production, >so it's a solution while I research. Thanks a lot for the pointers. >Correction. It was a solution. Until I pasted = >the userdbpw output into the database as a = >regular string and authmysql still rejected. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?p...orge&CID=3DDE= VDEV _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users 
|
Linear Mode
