[tpop3d-discuss] Re: [Vmail-discuss] migrating MD5 hash used in /etc/shadow to vmail-sql
Chris Lightfoot
chris at ex-parrot.com
Tue, 22 May 2001 11:56:05 +0100
On Thu, May 17, 2001 at 04:57:38PM -0400, Marcin Pacyna wrote:
> I'm trying to migrate my 600+ users from a regular POP3 setup (1 unix system
> account per POP3 mailbox) to vmail-sql (mysql + tpop3d + exim) setup. One
> of the concerns I have is migrating the passwords which are currently stored
> in /etc/shadow as (AFAIK) MD5 hashes: (this is a RedHat 6.2 box BTW):
>
> example entry from /etc/shadow:
>
> domainvm1:$1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.:11439:0:99999:7:-1:-1:114550524
>
> however if I put that password hash string
> ($1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.) into the popbox table - I can't
> authenticate. If I generate the password using the sample VE-passwd script
> then auth works fine. The hash strings in /etc/shadow all start with '$1$'
> which I think is the salt but I'm not sure what to do with it.
>
> In short - does anyone know how I can migrate/convert all the hashes from
> /etc/shadow to something that tpop3d understands?

OK, there is now a new tpop3d, 1.3.2, which supports
various different sorts of password hashes in the MySQL
database. This is a not-quite-released version, but it has
been tested. Get it from

    http://www.ex-parrot.com/~chris/tpop3d/tpop3d-1.3.2.tar.gz

You will need to alter your vmail-sql table with a command
like

    ALTER TABLE popbox MODIFY password_hash VARCHAR(255)

to accommodate the longer password hash strings. Then you
can use

    {crypt}...          system crypt
    {crypt_md5}...      crypt_md5 as in Linux PAM
    {md5}...            MD5 password
    {plaintext}...      plaintext password used for APOP
    ...                 old-style untagged MD5 password

Vmail-sql itself does not yet support these -- but it will
shortly.

Thus, to migrate your existing passwords, you should be
able to simply copy the second field from /etc/shadow into
the database, prefixing it with `{crypt}' or
`{crypt_md5}'. (The two are equivalent on Linux because
the system crypt(3) function detects the special $1$...$
syntax of crypt_md5 passwords and uses the right version
of the crypt function accordingly. But this is not the
case on other systems, so both options are provided in
tpop3d.)
--
Chris Lightfoot -- www.ex-parrot.com/~chris/
All human actions are equivalent, and all are doomed to failure.
(Sartre)
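
Added example, not part of the original message and not tpop3d or vmail-sql code: a sketch of the migration described above, which tags each /etc/shadow password field for the `password_hash` column and skips locked or empty accounts instead of copying them. The `local_part` column, the `%s` placeholder style and every sample line except the first are assumptions made for illustration; `$1$` hashes are tagged `{crypt_md5}` so the result does not depend on the system crypt(3).

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# crypt_md5: "$1$" + salt of up to 8 chars + "$" + 22 hash chars.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Assumed statement: only `popbox` and `password_hash` appear in the post;
# `local_part` and the %s paramstyle are hypothetical.
UPDATE_SQL = "UPDATE popbox SET password_hash = %s WHERE local_part = %s"


def tag_shadow_hash(field):
    """Return the tagged hash for tpop3d, or None if the field is unusable."""
    if MD5_CRYPT.match(field):
        return "{crypt_md5}" + field
    if DES_CRYPT.match(field):
        return "{crypt}" + field
    # Empty, "*", "!!", "!"-locked or unrecognised formats are not migrated,
    # so a disabled system account never becomes a usable mailbox login.
    return None


def convert_shadow(lines):
    """Return (migrated, skipped) for an iterable of /etc/shadow lines.

    migrated: (tagged_hash, username) tuples, in UPDATE_SQL parameter order
    skipped:  usernames whose password field was left out
    """
    migrated, skipped = [], []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue  # blank or malformed line
        user, tagged = fields[0], tag_shadow_hash(fields[1])
        if tagged is None:
            skipped.append(user)
        else:
            migrated.append((tagged, user))
    return migrated, skipped


# First line is the entry quoted in the post; the others are constructed.
SAMPLE = [
    "domainvm1:$1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.:11439:0:99999:7:-1:-1:114550524",
    "olduser:abJnggxhB/yJU:11000:0:99999:7:::",
    "locked:!$1$dsBlPaKU$OQ45C8IlRjE2GBq1uK.Qi.:11439:0:99999:7:::",
    "daemon:*:10000:0:99999:7:::",
]

if __name__ == "__main__":
    rows, skipped = convert_shadow(SAMPLE)
    for params in rows:
        print(UPDATE_SQL, params)
    print("skipped:", skipped)
```

The tuples are meant to be passed as bound parameters to a database driver rather than pasted into SQL text, and the skipped list is worth reviewing by hand before cutting users over.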