Mark Bucciarelli writes:
We have a list of user names + encrypted passwords from another web host company. This unamed company was not providing a high enough level of service, and the domain owner is moving his email service to us.Is there any possibility we can just plug the encrypted passwords into the auth backend and have it work?
If the crypt password use any one of the supported hashing functions, then yes.
We know one of the customers and have her clear-text password, so I could test to see if a given hash algorithm generates the same encrypted string. How can I test this and be sure the auth will work in Courier?
You need to determine which hash algorithm is used for the encrypted passwords.
Many of them use salts, so you're going to get a different hash, each time, for the same password.
IIRC, MySql uses it's own crypt algorithm, so unless the other providerwas using MySql's crypt it will not work as the backend. Is this recollection correct?
No, because Courier does not implement the mysql-specific crypt hash function. Courier knows how to compute:
• Traditional UNIX DES crypt function • Modified MD5-based crypt function, as introduced by Linux way back when• Straightforward MD5, SHA1, and SHA256 hashes, base64-encoded and prepended with {MD5}, {SHA}, or {SHA256}.
pgpYAkb1HSUtp.pgp
Description: PGP signature
