The limitation comes in with what SASL can work with. I was able to
migrate all of my users passwords that were in md5 format to dbmail and
setting the encryption_type to 'crypt'. I believe that I could only get
plain/login methods to work, but I did not need to reset any passwords.
This will only work if your passwords are md5's with 12 character salts.
-Jon
Aaron Stone wrote:
The client may send an either in plaintext or in exactly the format you
are using in the database -- in which case Sendmail needs to understand
it is retrieving a pre-hashed password and should not try to re-hash it
before comparing with the client's password or password hash. I am not
actually sure if there's an option to let Sendmail know to do this,
however.
Aaron
On Wed, 2007-07-11 at 12:58 -0500, Stephen Loeckle wrote:
ooooook I understand now :) I was thinking that the client could send
plaintext and i could have the password encrypted in the database. The
reason I was trying this to begin with was a little script I wrote to
convert a passwd/shadow file into dbmail users for a server conversion
so I wouldn't have to know the user's passwords. I guess I'll need to
know these passwords because I'm not willing to brute force the md5
shadow salts.
Thanks!
Stephen
Quoting Aaron Stone <[EMAIL PROTECTED]>:
Ah, right - ok, so either you need plaintext in DBMail and Sendmail will
retrieve the raw password and hash it as necessary in order to compare
it with the hashes received from the client, or you need to restrict
Sendmail down to a single hash mechanism that matched exactly with the
hashed passwords in DBMail. Remember that password hashed are one-way --
if the database contains a hash, and the client sends some other hash,
there's no way to convert between them in order to authenticate.
Aaron
On Wed, 2007-07-11 at 10:41 -0500, Stephen Loeckle wrote:
Oh BTW, these are the types supported by my sendmail install
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
Stephen
Quoting Stephen Loeckle <[EMAIL PROTECTED]>:
None of them worked. plaintext is the only one that works. Any ideas?
Thanks,
Stephen
Quoting Aaron Stone <[EMAIL PROTECTED]>:
On Tue, 2007-07-10 at 00:50 -0500, Stephen Loeckle wrote:
This may be more of a sendmail issue but it's odd nonetheless. I have
the sendmail auth to dbmail users table as per:
http://www.dbmail.org/dokuwiki/doku.php?id=sendmail_howto
It works fine but only when the passwd is in plaintext. I cannot get
the user to auth to sendmail if the passwd is in md5 and
encryption_type is md5.
Anyone run into this?
We have a couple of md5 options: md5-hash, md5-digest, md5-base64. Have
you tried them all to see if one matches sendmail's expected lookup
format?
Aaron
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
