[tpop3d-discuss] Re: [Vmail-discuss] migrating MD5 hash used in /etc/shadow to vmail-sql

Chris Lightfoot chris at ex-parrot.com
Tue, 22 May 2001 11:56:05 +0100


On Thu, May 17, 2001 at 04:57:38PM -0400, Marcin Pacyna wrote:
> I'm trying to migrate my 600+ users from a regular POP3 setup (1 unix system
> account per POP3 mailbox) to vmail-sql (mysql + tpop3d + exim) setup.  One
> of the concerns I have is migrating the passwords which are currently stored
> in /etc/shadow as (AFAIK) MD5 hashes: (this is a RedHat 6.2 box BTW):
> 
> example entry from /etc/shadow:
> 
> domainvm1:$1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.:11439:0:99999:7:-1:-1:114550524
> 
> however if I put that password hash string
> ($1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.) into the popbox table - I can't
> authenticate.  If I generate the password using the sample VE-passwd script
> then auth works fine.  The hash strings in /etc/shadow all start with '$1$'
> which I think is the salt but I'm not sure what to do with it.
> 
> In short - does anyone know how can I migrate/convert all the hashes from
> /etc/shadow to something that tpop3d understands?

OK, there is now a new tpop3d, 1.3.2, which supports
various different sorts of password hashes in the MySQL
database. This is a not-quite-released version, but it has
been tested. Get it from

    http://www.ex-parrot.com/~chris/tpop3d/tpop3d-1.3.2.tar.gz

You will need to alter your vmail-sql table with a command
like

    ALTER TABLE popbox MODIFY password_hash VARCHAR(255)

to accommodate the longer password hash strings. Then you
can use

    {crypt}...          system crypt
    {crypt_md5}...      crypt_md5 as in Linux PAM
    {md5}...            MD5 password
    {plaintext}...      plaintext password used for APOP
    ...                 old-style untagged MD5 password

Vmail-sql itself does not yet support these -- but it will
shortly.

Thus, to migrate your existing passwords, you should be
able to simply copy the second field from /etc/shadow into
the database, prefixing it with `{crypt}' or
`{crypt_md5}'. (The two are equivalent on Linux because
the system crypt(3) function detects the special $1$...$
syntax of crypt_md5 passwords and uses the right version
of the crypt function accordingly. But this is not the
case on other systems, so both options are provided in
tpop3d.)

-- 
Chris Lightfoot -- www.ex-parrot.com/~chris/
 All human actions are equivalent, and all are doomed to failure.
 (Sartre)
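
The migration step described in the reply above, as an added example that is not part of the original message or of tpop3d: it takes the second field of each /etc/shadow line and prefixes it with the matching tag. It goes beyond the single `$1$` case in the thread by also tagging traditional 13-character crypt hashes as `{crypt}` and by skipping locked or empty entries (`!`, `!!`, `*`), which should not become usable mailbox passwords. The function names and every sample line except the first are constructed for illustration.

```python
import re

# Constructed sample; only the first line is the example quoted in the post.
SAMPLE_SHADOW = """\
domainvm1:$1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.:11439:0:99999:7:-1:-1:114550524
olduser:abJnggxhB/yWI:11000:0:99999:7:::
locked:!!:11439:0:99999:7:::
daemon:*:11000:0:99999:7:::
disabled:!$1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.:11439:0:99999:7:::
broken:$1$nosalt:11439:0:99999:7:::
"""

MAX_LEN = 255  # width of popbox.password_hash after the ALTER TABLE
B64 = r"[./0-9A-Za-z]"  # crypt(3) alphabet
MD5_CRYPT = re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}")  # $1$salt$hash
DES_CRYPT = re.compile(rf"{B64}{{13}}")  # traditional crypt


def tag_hash(field):
    """Return the tagged hash for one shadow password field, or None to skip."""
    # Empty, '*' and '!'-prefixed fields mean no password or a locked account.
    if not field or field[0] in "*!":
        return None
    if MD5_CRYPT.fullmatch(field):
        tagged = "{crypt_md5}" + field  # portable tag for $1$ hashes
    elif DES_CRYPT.fullmatch(field):
        tagged = "{crypt}" + field  # assumption: system crypt handles these
    else:
        return None  # unknown or truncated format: review by hand
    return tagged if len(tagged) <= MAX_LEN else None


def convert(shadow_text):
    """Map user -> tagged hash; also return the users that were skipped."""
    migrated, skipped = {}, []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a shadow entry
        tagged = tag_hash(fields[1])
        if tagged is None:
            skipped.append(fields[0])
        else:
            migrated[fields[0]] = tagged
    return migrated, skipped


if __name__ == "__main__":
    ok, bad = convert(SAMPLE_SHADOW)
    for user, value in ok.items():
        print(user, value)
    print("skipped:", ", ".join(bad))
```

Write the resulting values into password_hash with a parameterised query rather than pasting them into SQL text, since the hashes contain `$` and `/` characters that shells and some clients interpret.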