Re: [courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system
Finally it works!. O.S: Fedora Core 6, but i think it works on diferents RH or RPM based distros. 1.- Obtain the libxcrypt tarball (you can get a copy of the latest version in http://ftp.suse.com/pub/people/kukuk/libxcrypt/). You'll find a spec file to build a rpm install in a similar way as build rpm package for courier-imap or courier-authlib. Install libxcrypt-xx.rpm and libxcrypt-devel-xxx.rpm 2.- In /lib link the diferents libcrypt-xx.so to the new libxcrypt-xx.so 3.- In /usr/lib do a similar replace with the libcrypt.a 4.- Unpack the courier-authlib and add the following lines: File: checkpassword.c Line: 38 from: if (strncmp(encrypted_password, $1$, 3) == 0 || strncasecmp(encrypted_password, {MD5}, 5) == 0 ) to: if (strncmp(encrypted_password, $1$, 3) == 0 || strncasecmp(encrypted_password, {MD5}, 5) == 0 || strncasecmp(encrypted_password, $2a$, 4) == 0 ) File: checkpasswordmd5.c Line: 20 from: if (strncmp(encrypted_password, $1$, 3) == 0) { return (strcmp(encrypted_password, md5_crypt(password, encrypted_password))); } if (strncasecmp(encrypted_password, {MD5}, 5) == 0) { return (strcmp(encrypted_password+5, md5_hash_courier(password))); } to: if (strncmp(encrypted_password, $1$, 3) == 0) { return (strcmp(encrypted_password, md5_crypt(password, encrypted_password))); } if (strncmp(encrypted_password, $2a$, 4) == 0) { return (strcmp(encrypted_password, crypt(password, encrypted_password))); } if (strncasecmp(encrypted_password, {MD5}, 5) == 0) { return (strcmp(encrypted_password+5, md5_hash_courier(password))); } 5.- rebuild and reinstall courier-authlib. Users in a MySQL-db could have their password Blowfish crypted and courier-authlib will authenticate them. -- Omar Martinez [EMAIL PROTECTED] Omar Martinez escribió: Jay Lee wrote: Omar Martinez wrote: Hi, I'm moving a Suse based server: 3000 accounts, MTA: Sendmail, passwd/shadow auth. The new server its Fedora Core 6 with Postfix-Courier-MySQL. Why would you move to a platform that is going to be obsolete in a years time? Fedora is a very bad choice for a server install IMHO. You'd be *much* better off using RHEL4 or CentOS 4. Yeah, maybe you're right SuSe use Blowfish to save the passwords, but Fedora does not recognize this kind of encryption. Compiling libxcrypt and pam_unix2 Fedora can authorize the passwords in the system, But, still courier-authlib can recognize the passwd. After the recompile did you try rebuilding Courier-authlib? Are you rebuilding the libxcrypt and pam_unix2 RPMs or are you just building and installing them manually? Where can I enable BlowFish encryption in courier-authlib ?. My suspicion is that courier-authlib will use Blowfish if the underlying libary *that it was built against *supports blowfish. I follow your advice, but courier-authlib only can use blowfish crypted password if the users are in the passwd/shadow file. This is because authpam use the PAM module, but in the case of authmysql, courier use the definitions of the file checkpassword.c and checkpasswordmd5.c (only md5_crypt and md5_hash_courier functions defined in the md5 directory). I'm working in quickeasy integration of the xcrypt functions in my courier-auth-lib installation. It will be a solution to my problem, but could be a start point for the future integration in the package.. If somebody resolve this problem before, I'll be thankful if can share the solution. Thanks Jay Lee by your advice... -- Omar Martinez [EMAIL PROTECTED] Jay - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system
Hi, I'm moving a Suse based server: 3000 accounts, MTA: Sendmail, passwd/shadow auth. The new server its Fedora Core 6 with Postfix-Courier-MySQL. SuSe use Blowfish to save the passwords, but Fedora does not recognize this kind of encryption. Compiling libxcrypt and pam_unix2 Fedora can authorize the passwords in the system, But, still courier-authlib can recognize the passwd. Where can I enable BlowFish encryption in courier-authlib ?. 10X in advance by all your suggestions.! -- Omar Martinez [EMAIL PROTECTED] - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system
Omar Martinez wrote: Hi, I'm moving a Suse based server: 3000 accounts, MTA: Sendmail, passwd/shadow auth. The new server its Fedora Core 6 with Postfix-Courier-MySQL. Why would you move to a platform that is going to be obsolete in a years time? Fedora is a very bad choice for a server install IMHO. You'd be *much* better off using RHEL4 or CentOS 4. SuSe use Blowfish to save the passwords, but Fedora does not recognize this kind of encryption. Compiling libxcrypt and pam_unix2 Fedora can authorize the passwords in the system, But, still courier-authlib can recognize the passwd. After the recompile did you try rebuilding Courier-authlib? Are you rebuilding the libxcrypt and pam_unix2 RPMs or are you just building and installing them manually? Where can I enable BlowFish encryption in courier-authlib ?. My suspicion is that courier-authlib will use Blowfish if the underlying libary *that it was built against *supports blowfish. Jay smime.p7s Description: S/MIME Cryptographic Signature - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system
Jay Lee wrote: Omar Martinez wrote: Hi, I'm moving a Suse based server: 3000 accounts, MTA: Sendmail, passwd/shadow auth. The new server its Fedora Core 6 with Postfix-Courier-MySQL. Why would you move to a platform that is going to be obsolete in a years time? Fedora is a very bad choice for a server install IMHO. You'd be *much* better off using RHEL4 or CentOS 4. Yeah, maybe you're right SuSe use Blowfish to save the passwords, but Fedora does not recognize this kind of encryption. Compiling libxcrypt and pam_unix2 Fedora can authorize the passwords in the system, But, still courier-authlib can recognize the passwd. After the recompile did you try rebuilding Courier-authlib? Are you rebuilding the libxcrypt and pam_unix2 RPMs or are you just building and installing them manually? Where can I enable BlowFish encryption in courier-authlib ?. My suspicion is that courier-authlib will use Blowfish if the underlying libary *that it was built against *supports blowfish. I follow your advice, but courier-authlib only can use blowfish crypted password if the users are in the passwd/shadow file. This is because authpam use the PAM module, but in the case of authmysql, courier use the definitions of the file checkpassword.c and checkpasswordmd5.c (only md5_crypt and md5_hash_courier functions defined in the md5 directory). I'm working in quickeasy integration of the xcrypt functions in my courier-auth-lib installation. It will be a solution to my problem, but could be a start point for the future integration in the package.. If somebody resolve this problem before, I'll be thankful if can share the solution. Thanks Jay Lee by your advice... -- Omar Martinez [EMAIL PROTECTED] Jay - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users