[Vmail-discuss] migrating MD5 hash used in /etc/shadow to vmail-sql
Chris Lightfoot
chris@xxxxxxxxxxxxx
Fri, 18 May 2001 11:37:08 +0100
On Fri, May 18, 2001 at 11:32:31AM +0100, Paul Warren wrote:
> On Fri, May 18, 2001 at 10:41:15AM +0100, Chris Lightfoot wrote:
> >
> > Yeah, but this won't be available on the non-Linux systems
> > on which tpop3d runs, so I think including crypt_md5 in
> > the distribution is probably a good bet.
>
> Possibly. I think that implementing a straight "use the system crypt()"
> is a useful thing to do. It just means that people who don't have smart
> crypt()s won't be able to cut and paste directly from /etc/shadow
> (assuming that shadow is using something other than system crypt())
On the argument that crypt_md5 passwords are superior to
ours, we should make them available everywhere :)
> OK. The libc info page is the only page I have found that documents
> what a valid salt is if you want MD5 passwords.
I expect the code does too, though I haven't checked in
detail :)
> > > and anything produced by crypt() is stored as:
> > >
> > > {crypt}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ... with the proviso that on non-Linux systems we'll need
> > to look for {crypt}$1$...$.
>
> Why? IMHO, if it starts {crypt} we just chuck it at crypt().
No, the way magic smart crypt works is to use the $1$ as a
magic number, so on non-Linux systems we need to check for
this explicitly.
> > > I think that the above constitutes useful functionality - the ability to
> > > cut and paste passwords from /etc/passwd or /etc/shadow is a Good Thing.
> >
> > Yes-- I agree, this is a good idea, and I will implement
> > it.
>
> Excellent. I believe this needs to go in:
>
> tpop3d
> VE-passwd
> cgi-bin/setpasswd (or whatever it's called)
>
> I'll do the Perl if you don't beat me to it (I'm pretty busy this w/e)
OK. Dunno when I'll get round to that, but I'll probably
do the tpop3d stuff this pm.
--
Chris Lightfoot -- www.ex-parrot.com/~chris/
``The Fifth Law of Pipes: The outside diameter must exceed the inside
diameter; otherwise the hole will be on the outside of the pipe.''