Hello,
OS: FreeBSD 5.3-RELEASE
Courier-authlib: 0.52 (I know that latest is 0.53, this is the last I got from
ports and I did not see fixes regarding my problem in the changelog on the
courier website)
I am struggling with authpgsql and I found a funny behaviour:
Unfortunately I have two types of encrypted passwords, one long one with
salt, looks like ($1$Gd$AnMZ7D8Knv6/ssb5XcBrr0) and a short one that looks
like (gT8djRBs4jcMg). This is because we are migrating users from old POP3
servers.
Both passwords work fine using the system crypt() function, I checked that
with a little perl program. I also checked a bit in the source and see that
courier is using also the crypt() function from the system (checkpassword.c).
The long passwords work fine, the short does not .. so I switched on logging
and what I see is this:
Jan 31 18:22:25 emerald authdaemond: SQL query: SELECT username, password,
'', 26, 6, home, home, '', '', '' FROM view_auth_courier WHERE username =
'[EMAIL PROTECTED]'
Jan 31 18:22:25 emerald authdaemond: supplied password 'fkldjsa' does not
match encrypted password 'tMl.us.Dr5/oU.'
However, if fetching same password with same query from the psql shell:
itn=# select password from view_auth_courier where
username='[EMAIL PROTECTED]';
password
----------------
tMl.us.Dr5/oU
(1 row)
itn=#
See that '.' that is appended to the end of the encrypted password in the
courier log? With that dot of course it can not validate...
NOW exactly same thing with a user having a long password:
Jan 31 18:51:53 emerald authdaemond: SQL query: SELECT username, password,
'', 26, 6, home, home, '', '', '' FROM view_auth_courier WHERE username =
'[EMAIL PROTECTED]'
Jan 31 18:51:53 emerald authdaemond: supplied password 'lkdjf' does not match
encrypted password '$1$Gd$AnMZ7D8Knv6/ssb5XcBrr0'
itn=# select password from view_auth_courier where username='[EMAIL PROTECTED]';
password
------------------------------
$1$Gd$AnMZ7D8Knv6/ssb5XcBrr0
(1 row)
itn=#
100% correct.. and the user can log in without any problems (if I would have
typed the right password). There is no '.' appended in the log of courier..
I hope I am doing something wrong.. there must be more people out there using
small password with pgsql (??)... otherwise I will go bug hunting..
Thanks for any help or advice..
Martin
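
A way to check the observation above mechanically, as an added example that is not part of the original message or of Courier's code: it pulls the stored hash out of each authdaemond mismatch line and checks it against the fixed lengths of the two crypt(3) formats in the post (13 characters for traditional DES crypt, $1$salt$ plus 22 characters for MD5 crypt). The function names are hypothetical; the sample input is the two log excerpts quoted in the message.

```python
import re

# crypt(3) alphabet for salts and hash output.
B64 = r"[./0-9A-Za-z]"
# Traditional DES crypt: 2 salt chars + 11 hash chars = exactly 13.
DES_RE = re.compile(rf"{B64}{{13}}")
# MD5 crypt: $1$ + salt (up to 8 chars) + $ + 22 hash chars.
MD5_RE = re.compile(rf"\$1\$({B64}{{1,8}})\$({B64}{{22}})")
# \s+ between words because the log lines were wrapped in the mail.
LOG_RE = re.compile(r"does\s+not\s+match\s+encrypted\s+password\s+'([^']*)'")

def classify(stored):
    """Return (scheme, problem); problem is None when the string is well formed."""
    if stored.startswith("$1$"):
        ok = MD5_RE.fullmatch(stored)
        return ("md5-crypt", None if ok else "malformed $1$ string")
    if DES_RE.fullmatch(stored):
        return ("des-crypt", None)
    # A valid 13-char hash followed by anything else can never equal crypt() output.
    if len(stored) > 13 and DES_RE.fullmatch(stored[:13]):
        extra = stored[13:]
        return ("des-crypt",
                f"{len(extra)} extra char(s) after the 13-char hash: {extra!r}")
    return ("unknown", "not a recognised crypt(3) format")

def audit_log(text):
    """Return [(stored, scheme, problem)] for every mismatch line in the debug log."""
    return [(m.group(1), *classify(m.group(1))) for m in LOG_RE.finditer(text)]

# The two authdaemond excerpts from the message above, wrapped as posted.
SAMPLE = """\
Jan 31 18:22:25 emerald authdaemond: supplied password 'fkldjsa' does not
match encrypted password 'tMl.us.Dr5/oU.'
Jan 31 18:51:53 emerald authdaemond: supplied password 'lkdjf' does not match
encrypted password '$1$Gd$AnMZ7D8Knv6/ssb5XcBrr0'
"""

if __name__ == "__main__":
    for stored, scheme, problem in audit_log(SAMPLE):
        print(f"{stored!r:34} {scheme:10} {problem or 'ok'}")
```

Run against the excerpts, the short hash is reported with one extra character and the $1$ hash as well formed, which matches what the log and the psql output show.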
courier-users mailing list