For the record on FreeBSD systems!
The use of DES/MD5 is controlled entirely by the crypt libraries. Vpopmail
doesn't control the use of DES/MD5 passwords. If you dig through the source
you can see that it sends the entire crypted password as the crypt key. ie..
crypt( 'joeblow', 'hJPcq6ffTNHuI'); for DES
crypt( 'joeblow', '$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.'); for MD5
The 'key' to understanding the whole mess is in the first 2 characters of
the 'crypted' password. $1 is MD5, $2 is Blowfish (I think), the othere
type is DES. On FreeBSD the DES libraries. libdescrypt is the DES+MD5
library. The other libscrypt is the "Export Controlled" MD5 only library.
Currently I have vpopmail+mysql authenticating successfully for BOTH MD5 and
DES passwords concurrently with no hitches. This is using the libdescrypt
library.
If you want to play with the functionality of the libraries I suggest using
perl in a script like this to see the effects.
#!/usr/bin/perl
if(!$ARGV[1]) {
print "USAGE: <script> <password> <salt>\n";
}
print "DES Pass: ".crypt($ARGV[0],"$ARGV[1]")."\n";
print "MD5 Pass: ".crypt($ARGV[0],"\$1\$$ARGV[1]\$")."\n";
