If the clear text field is empty, Dovecot will use the Hash. Always
backup first, though.
On 10/3/2018 4:07 PM, Dan McAllister - QMT DNS wrote:
CAUTION:
If we've already determined that Dovecot uses the cleartext field, wouldn't
clearing those fields remove users' Dovecot passwords?
Dan
-----Original Message-----
From: Eric Broch <ebr...@whitehorsetc.com>
Sent: Wednesday, October 3, 2018 5:49 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Passwords after backup/restore
In the mean time, I've written a script to null the clear text pwd field, look
at it, TEST IT, add suggestions, and use at your own risk:
<clearpasswd>
IFS=$'\n'
pass=`cat pfile`
for domain in `echo "show tables" | mysql -u root -p$pass vpopmail | grep -v
dir_control | grep -v Tables_in_vpopmail | grep -v valias | grep -v lastauth` do
for user in `echo "select pw_name from $domain" | mysql -u root -p$pass
vpopmail | grep -v pw_name`
do
clear=`echo "select pw_clear_passwd from $domain where
pw_name='$user'" | mysql -u root -p$pass vpopmail | grep -v pw_clear_passwd`
echo "$user:$domain:($clear)"
# update $domain set pw_clear_passwd='' where pw_name ='$user';
clear=`echo "select pw_clear_passwd from $domain where
pw_name='$user'" | mysql -u root -p$pass vpopmail | grep -v pw_clear_passwd`
echo "$user:$domain:($clear)"
echo
"--------------------------------------------------------------------------"
done
done
</clearpasswd>
Eric
On 10/3/2018 3:30 PM, Dan McAllister - QMT DNS wrote:
One more item -- I agree that the password hashing algorithm could
stand to be updated -- and there is NOT a backward compatibility issue
with updating our algorithms because the mechanism is CODED to show
which algorithm is used (the $1$ currently there, maybe a $6$ in the
future?)
However, we would need to check with the qmail code, as well as DoveCot, to
determine if they can support/recognize those other algorithms.
Dan
-----Original Message-----
From: Eric Broch <ebr...@whitehorsetc.com>
Sent: Wednesday, October 3, 2018 4:34 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Passwords after backup/restore
The newer DoveCot IMAP server "appears" to be authenticating against
the cleartext password
It does. I checked the code.
I've submitted a question to the Dovecot mailing list concerning this, that is,
whether there is a configuration option to authorize against the hash, or
whether there is an option at compile or link time to accomplish the same. It'd
be nice to have a configuration option, IMHO, that way no re-compilation would
be necessary.
--
Eric Broch
White Horse Technical Consulting (WHTC)
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
--
Eric Broch
White Horse Technical Consulting (WHTC)
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
