[Vmail-discuss] migrating MD5 hash used in /etc/shadow to vmail-sql

Chris Lightfoot chris@xxxxxxxxxxxxx
Fri, 18 May 2001 11:37:08 +0100 

On Fri, May 18, 2001 at 11:32:31AM +0100, Paul Warren wrote:
> On Fri, May 18, 2001 at 10:41:15AM +0100, Chris Lightfoot wrote:
> > 
> > Yeah, but this won't be available on the non-Linux systems
> > on which tpop3d runs, so I think including crypt_md5 in
> > the distribution is probably a good bet.
> 
> Possibly.  I think that implementing a straight "use the system crypt()"
> is a useful thing to do.  It just means that people who don't have smart
> crypt()s won't be able to cut and paste directly from /etc/shadow
> (assuming that shadow is using something other than system crypt())

On the argument that crypt_md5 passwords are superior to
ours, we should make them available everywhere :)

> OK.  The libc info page is the only page I have found that documents
> what a valid salt is if you want MD5 passwords.

I expect the code does too, though I haven't checked in
detail :)

> > > and anything produced by crypt() is stored as:
> > > 
> > >     {crypt}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > 
> > ... with the proviso that on non-Linux systems we'll need
> > to look for {crypt}$1$...$.
> 
> Why?  IMHO, if it starts {crypt} we just chuck it at crypt().

No, the way magic smart crypt works is to use the $1$ as a
magic number, so on non-Linux systems we need to check for
this explicitly.

> > > I think that the above constitutes useful functionality - the ability to
> > > cut and paste passwords from /etc/passwd or /etc/shadow is a Good Thing.
> > 
> > Yes-- I agree, this is a good idea, and I will implement
> > it.
> 
> Excellent.  I believe this needs to go in:
> 
> tpop3d
> VE-passwd
> cgi-bin/setpasswd (or whatever it's called)
> 
> I'll do the Perl if you don't beat me to it (I'm pretty busy this w/e)

OK. Dunno when I'll get round to that, but I'll probably
do the tpop3d stuff this pm.

-- 
Chris Lightfoot -- www.ex-parrot.com/~chris/
 ``The Fifth Law of Pipes: The outside diameter must exceed the inside
   diameter; otherwise the hole will be on the outside of the pipe.''