The client may send an either in plaintext or in exactly the format you are using in the database -- in which case Sendmail needs to understand it is retrieving a pre-hashed password and should not try to re-hash it before comparing with the client's password or password hash. I am not actually sure if there's an option to let Sendmail know to do this, however.
Aaron On Wed, 2007-07-11 at 12:58 -0500, Stephen Loeckle wrote: > ooooook I understand now :) I was thinking that the client could send > plaintext and i could have the password encrypted in the database. The > reason I was trying this to begin with was a little script I wrote to > convert a passwd/shadow file into dbmail users for a server conversion > so I wouldn't have to know the user's passwords. I guess I'll need to > know these passwords because I'm not willing to brute force the md5 > shadow salts. > > Thanks! > > Stephen > > Quoting Aaron Stone <[EMAIL PROTECTED]>: > > > Ah, right - ok, so either you need plaintext in DBMail and Sendmail will > > retrieve the raw password and hash it as necessary in order to compare > > it with the hashes received from the client, or you need to restrict > > Sendmail down to a single hash mechanism that matched exactly with the > > hashed passwords in DBMail. Remember that password hashed are one-way -- > > if the database contains a hash, and the client sends some other hash, > > there's no way to convert between them in order to authenticate. > > > > Aaron > > > > On Wed, 2007-07-11 at 10:41 -0500, Stephen Loeckle wrote: > >> Oh BTW, these are the types supported by my sendmail install > >> > >> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN > >> > >> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') > >> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') > >> > >> Stephen > >> > >> > >> Quoting Stephen Loeckle <[EMAIL PROTECTED]>: > >> > >> > None of them worked. plaintext is the only one that works. Any ideas? > >> > > >> > Thanks, > >> > > >> > Stephen > >> > > >> > Quoting Aaron Stone <[EMAIL PROTECTED]>: > >> > > >> >> On Tue, 2007-07-10 at 00:50 -0500, Stephen Loeckle wrote: > >> >> > >> >>> This may be more of a sendmail issue but it's odd nonetheless. I have > >> >>> the sendmail auth to dbmail users table as per: > >> >>> > >> >>> http://www.dbmail.org/dokuwiki/doku.php?id=sendmail_howto > >> >>> > >> >>> It works fine but only when the passwd is in plaintext. I cannot get > >> >>> the user to auth to sendmail if the passwd is in md5 and > >> >>> encryption_type is md5. > >> >>> > >> >>> Anyone run into this? > >> >> > >> >> We have a couple of md5 options: md5-hash, md5-digest, md5-base64. Have > >> >> you tried them all to see if one matches sendmail's expected lookup > >> >> format? > >> >> > >> >> Aaron > >> >> > >> >> _______________________________________________ > >> >> DBmail mailing list > >> >> [email protected] > >> >> https://mailman.fastxs.nl/mailman/listinfo/dbmail > >> >> > >> > > >> > > >> > _______________________________________________ > >> > DBmail mailing list > >> > [email protected] > >> > https://mailman.fastxs.nl/mailman/listinfo/dbmail > >> > >> > >> _______________________________________________ > >> DBmail mailing list > >> [email protected] > >> https://mailman.fastxs.nl/mailman/listinfo/dbmail > > > > _______________________________________________ > > DBmail mailing list > > [email protected] > > https://mailman.fastxs.nl/mailman/listinfo/dbmail > > > > > _______________________________________________ > DBmail mailing list > [email protected] > https://mailman.fastxs.nl/mailman/listinfo/dbmail _______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
