[Vmail-discuss] migrating MD5 hash used in /etc/shadow to vmail-sql
Paul Warren
pdw@xxxxxxxxxxxxx
Fri, 18 May 2001 11:48:15 +0100

On Fri, May 18, 2001 at 11:37:08AM +0100, Chris Lightfoot wrote:
> > Possibly. I think that implementing a straight "use the system crypt()"
> > is a useful thing to do. It just means that people who don't have smart
> > crypt()s won't be able to cut and paste directly from /etc/shadow
> > (assuming that shadow is using something other than system crypt())
>
> On the argument that crypt_md5 passwords are superior to
> ours, we should make them available everywhere :)

What do you mean by "ours"? Our straight MD5 passwords? If so, why
are they better?

> > OK. The libc info page is the only page I have found that documents
> > what a valid salt is if you want MD5 passwords.
>
> I expect the code does too, though I haven't checked in
> detail :)

Seems likely.

> > > > and anything produced by crypt() is stored as:
> > > >
> > > > {crypt}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > >
> > > ... with the proviso that on non-Linux systems we'll need
> > > to look for {crypt}$1$...$.
> >
> > Why? IMHO, if it starts {crypt} we just chuck it at crypt().
>
> No, the way magic smart crypt works is to use the $1$ as a
> magic number, so on non-Linux systems we need to check for
> this explicitly.

Yeah. My point was that if a password is prefixed with {crypt} it
should mean "this password was created by and can be checked with the
system crypt()". So we really don't care what comes after the {crypt},
we just chuck it at crypt(). If it happens that the password is MD5
crypt'ed rather than UNIX-crappy-crypted then all the better. Doing
this means that people on crummy UNIX systems that still haven't
developed shadow passwords and better crypt() functions can cut and
paste passwords from /etc/passwd.

We may also want to implement a {crypt-md5}...

> > Excellent. I believe this needs to go in:
> >
> > tpop3d
> > VE-passwd
> > cgi-bin/setpasswd (or whatever it's called)
> >
> > I'll do the Perl if you don't beat me to it (I'm pretty busy this w/e)
>
> OK. Dunno when I'll get round to that, but I'll probably
> do the tpop3d stuff this pm.

OK.

Paul
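
The {crypt} dispatch question debated in this message, sketched as an added example (not code from this thread, tpop3d or vmail-sql): it classifies a stored field by the `$1$` magic number so a checker can tell when the platform crypt() alone is not enough. All function and enum names are hypothetical, and the field layouts are assumptions: traditional crypt output is 13 characters, MD5 crypt output is `$1$`, a salt of up to 8 characters, `$`, then 22 hash characters.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not tpop3d's or vmail-sql's code. */
enum pw_kind { PW_UNKNOWN, PW_CRYPT_DES, PW_CRYPT_MD5 };

/* Length of the leading run of crypt base-64 characters [./0-9A-Za-z]. */
static size_t span64(const char *s) {
    return strspn(s, "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz");
}

/* Classify a stored field of the form "{crypt}<output of crypt()>". */
enum pw_kind classify_stored(const char *field) {
    static const char prefix[] = "{crypt}";
    const char *p;
    size_t salt_len;

    if (strncmp(field, prefix, sizeof prefix - 1) != 0)
        return PW_UNKNOWN;
    p = field + sizeof prefix - 1;
    if (strncmp(p, "$1$", 3) == 0) {          /* MD5 crypt magic number */
        p += 3;
        salt_len = strcspn(p, "$");           /* salt runs to the next '$' */
        if (salt_len > 8 || p[salt_len] != '$')
            return PW_UNKNOWN;
        p += salt_len + 1;
        return (span64(p) == 22 && p[22] == '\0') ? PW_CRYPT_MD5 : PW_UNKNOWN;
    }
    /* Traditional crypt: 2 salt characters followed by 11 hash characters. */
    return (span64(p) == 13 && p[13] == '\0') ? PW_CRYPT_DES : PW_UNKNOWN;
}

/* 1 when the checker must supply its own MD5 crypt because the field is
 * $1$ but the platform crypt() only implements the traditional scheme. */
int needs_builtin_md5(const char *field, int system_crypt_has_md5) {
    return classify_stored(field) == PW_CRYPT_MD5 && !system_crypt_has_md5;
}

int main(void) {
    /* Constructed sample fields, not real password hashes. */
    const char *samples[] = {
        "{crypt}$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV",
        "{crypt}ab0123456789.",
        "{crypt}$1$saltsalt$tooshort",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s kind=%d builtin_md5_needed=%d\n", samples[i],
               (int)classify_stored(samples[i]),
               needs_builtin_md5(samples[i], 0));
    return 0;
}
```

A field that classifies as PW_UNKNOWN is best rejected rather than passed to crypt(), since a traditional crypt() handed a `$1$` string would treat its first two characters as a salt.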