how do we address the new users?

Clear passwords still be set.. Eric, are you going to patch it to disable clear 
password on vpopmail?

Ciao,
Remo

--

> On Wednesday, Oct 03, 2018 at 20:51, Eric Broch <ebr...@whitehorsetc.com 
> (mailto:ebr...@whitehorsetc.com)> wrote:
> Hi Andy,
>
> I got it to work.
>
> In '/etc/dovecot/toaster.conf' add 'mail_location = maildir:~/Maildir'
>
> and make sure of 'auth_mechanisms = plain login'
>
> In '/etc/squirrelmail/config_local.php' here are my imap settings:
>
> $imapServerAddress = 'localhost';
> $imap_server_type = 'dovecot';
> $imap_auth_mech = 'login';
>
> worked for my squirrelmail setup, hope you get it working
>
> -Eric
>
>
> On 10/3/2018 9:18 PM, Andrew Swartz wrote:
> > And I'll add that at the end, with pw_clear_passwd set to null, login
> > succeeds via IMAP but fails via Squirrelmail.
> >
> > -Andy
> >
> >
> >
> > -------- Forwarded Message --------
> > Subject: Re: [qmailtoaster] dovecot
> > Date: Wed, 3 Oct 2018 19:12:11 -0800
> > From: Andrew Swartz <awswa...@acsalaska.net>
> > To: qmailtoaster-list@qmailtoaster.com
> >
> > Eric,
> >
> > With pw_clear_passwd set to '0123456789' I successfully logged in via
> > this technique using password '0123456789'.
> >
> > I used SQL to reset pw_clear_passwd to null.
> >
> > Again I successfully logged in via this technique using password
> > '0123456789'.
> >
> >
> > -Andy
> >
> >
> >
> > On 10/3/2018 6:02 PM, Eric Broch wrote:
> > > Try the CLI commands I sent. There can be issues with the configuration
> > > of squirrelmail and roundcube.
> > >
> > > IMAP:
> > >
> > > # openssl s_client -crlf -connect localhost:993
> > >
> > > imap> tag login u...@domain.tld $userpassword
> > >
> > >
> > > Submission:
> > >
> > > # cd /usr/local/bin
> > > # wget http://www.jetmore.org/john/code/swaks/latest/swaks
> > > # chown root.root swaks
> > > # chmod +x swaks
> > >
> > > # swaks --to some...@remotedomain.tld --from u...@domain.tld --server
> > > $yourqmthost --port 587 --ehlo test -tls --auth login --auth-user
> > > u...@domain.tld --auth-password $userpassword
> > >
> > >
> > > On 10/3/2018 7:45 PM, Andrew Swartz wrote:
> > > > Eric,
> > > >
> > > > On Centos7 QMT:
> > > >
> > > > I just created a new user account and set the password to '0123456789'.
> > > > Then I used your SQL command to set pw_clear_passwd to null.
> > > > Then I viewed the table to confirm it was empty (it was).
> > > > Then I tried to log in to Squirrelmail using password '0123456789':
> > > > Login failed.
> > > > Then I used your SQL command to reset pw_clear_passwd back to 
> > > > '0123456789'.
> > > > Then I tried to log in to Squirrelmail using password '0123456789':
> > > > success.
> > > >
> > > > This seems different from your experience.
> > > >
> > > > This sucks because it seems to mean no easy fix for this problem.
> > > >
> > > >
> > > > -Andy
> > > >
> > > >
> > > >
> > > >
> > > > On 10/3/2018 4:24 PM, Eric Broch wrote:
> > > > > I've been contacted by someone who removed the clear text password 
> > > > > from
> > > > > an account and had issued logging into Dovecot even after a restart. 
> > > > > The
> > > > > fix of course is to reset the password with 
> > > > > /home/vpopmail/bin/vpasswd.
> > > > > Does anyone else want to confirm/refute my findings that w/o the clear
> > > > > text password Dovecot will work?
> > > > >
> > > --
> > > Eric Broch
> > > White Horse Technical Consulting (WHTC)
> > >
> >
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

Attachment: signature.asc
Description: PGP signature

Reply via email to