Eric, Before I do that, can you see if you can replicate the problem: On Centos7, create an account with a long password and see if you can then log in with the long password. If that fails, then try with the first 16 characters of that password.
-Andy On 10/2/2018 6:28 PM, Eric Broch wrote: > Andrew, > > > On 10/2/2018 7:34 PM, Andrew Swartz wrote: >> 1. vpopmail (or something else) is NOW authenticating against the >> cleartext password instead of the hash. > I don't think so, or I hope not. I've done nothing except compile > vpopmail on CentOS 7 back in 2015 no patches. > The only change, if I remember correctly, is MariaDB requirements rather > the MySQL. >> >> 2. vpopmail (or something else) is NOW truncating the password at 16 >> characters when it is set (i.e. hashed), but not during subsequent >> authentication. > I hope it's something else. >> >> 3. mysql was storing something in the cleartext password field which it >> did not export. This seems unlikely, as I can see 16 characters and the >> field type is "char(16)". I went through the database export file, and >> its contents appear the same as those of the running mysql database on >> Centos5, which is the same as the running mariadb database on Centos7 (I >> view the contents with WebMin). Therefore it appears that the >> backup/restore worked properly. > Maybe something worth my time: Bring up two qmail (w/vpopmail) VM's on > COS5 and COS7. > Next, Create a domain and user entry on COS5 with >16 length password. > Dump the vpopmail db on COS5 (vpopmail-cos5db), and import it on COS7. > Dump the vpopmail db on COS7 (vpopmail-cos7db), and compare (diff) the > two dumps. > If they're the same it could possibly be an issue with the vpopmail > program. > > If you were up to it, you could also create a database called vpopmail1 > on your COS7 machine, > and import the COS5 vpopmail db into it (that way it doesn't mess with > your regular vpopmail db), and > dump it and compare the two (COS5/COS7) dumps. >> >> Does anyone know the details of how vpopmail interacts with the database >> server? Or if any authentication is done by some means other than >> through vpopmail? > Interaction with db by vpopmail is done at compile time. >
smime.p7s
Description: S/MIME Cryptographic Signature
