Re: [courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system

2007-01-11 Thread Omar Martinez 
Finally it works!.

O.S: Fedora Core 6, but i think it works on diferents RH or RPM based
distros.

1.- Obtain the libxcrypt tarball (you can get a copy of the latest
version in http://ftp.suse.com/pub/people/kukuk/libxcrypt/). You'll find
a spec file to build a rpm install in a similar way as build rpm package
for courier-imap or courier-authlib. Install libxcrypt-xx.rpm and
libxcrypt-devel-xxx.rpm

2.-  In /lib link the diferents libcrypt-xx.so to the new libxcrypt-xx.so

3.- In /usr/lib do a similar replace with the libcrypt.a

4.- Unpack the courier-authlib and add the following lines:

File:  checkpassword.c
Line: 38

from:
if (strncmp(encrypted_password, $1$, 3) == 0
|| strncasecmp(encrypted_password, {MD5}, 5) == 0
)
to:
if (strncmp(encrypted_password, $1$, 3) == 0
|| strncasecmp(encrypted_password, {MD5}, 5) == 0
|| strncasecmp(encrypted_password, $2a$, 4) == 0
)


File: checkpasswordmd5.c
Line: 20

from:
if (strncmp(encrypted_password, $1$, 3) == 0)
{
return (strcmp(encrypted_password,
md5_crypt(password, encrypted_password)));
}

if (strncasecmp(encrypted_password, {MD5}, 5) == 0)
{
   return (strcmp(encrypted_password+5,
md5_hash_courier(password)));
}


to:

if (strncmp(encrypted_password, $1$, 3) == 0)
{
return (strcmp(encrypted_password,
md5_crypt(password, encrypted_password)));
}

if (strncmp(encrypted_password, $2a$, 4) == 0)
{
return (strcmp(encrypted_password,
crypt(password, encrypted_password)));
}

if (strncasecmp(encrypted_password, {MD5}, 5) == 0)
{
   return (strcmp(encrypted_password+5,
md5_hash_courier(password)));
}


5.- rebuild and reinstall courier-authlib. Users in a MySQL-db could
have their password Blowfish crypted and courier-authlib will
authenticate them.

--
Omar Martinez
[EMAIL PROTECTED]


Omar Martinez escribió:
 Jay Lee wrote:
 Omar Martinez wrote:
 Hi,

 I'm moving a Suse based server: 3000 accounts, MTA: Sendmail,
 passwd/shadow auth. The new server its Fedora Core 6 with
 Postfix-Courier-MySQL.
   
 Why would you move to a platform that is going to be obsolete in a years
 time?  Fedora is a very bad choice for a server install IMHO.  You'd be
 *much* better off using RHEL4 or CentOS 4.
 
 Yeah, maybe you're right
 
 SuSe use Blowfish to save the passwords, but Fedora does not recognize
 this kind of encryption. Compiling  libxcrypt and pam_unix2 Fedora can
 authorize the passwords in the system, But, still courier-authlib can
 recognize the passwd.
   
 After the recompile did you try rebuilding Courier-authlib?  Are you
 rebuilding the libxcrypt and pam_unix2 RPMs or are you just building and
 installing them manually?
 Where can I enable BlowFish encryption in courier-authlib ?.
   
 My suspicion is that courier-authlib will use Blowfish if the underlying
 libary *that it was built against *supports blowfish.
 
 I follow your advice, but courier-authlib only can use blowfish crypted
 password if the users are in the passwd/shadow file. This is because
 authpam use the PAM module, but in the case of authmysql, courier use
 the definitions of the file checkpassword.c and checkpasswordmd5.c (only
 md5_crypt and md5_hash_courier functions defined in the md5 directory).
 
 I'm working in quickeasy integration of the xcrypt functions in my
 courier-auth-lib installation. It will be a solution to my problem, but
 could be a start point for the future integration in the package..
 
 If somebody resolve this problem before, I'll be thankful if can share
 the solution.
 
 Thanks Jay Lee by your advice...
 
 --
 Omar Martinez
 [EMAIL PROTECTED]
 
 
 
 Jay
 
 
 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share your
 opinions on IT  business topics through brief surveys - and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
 ___
 courier-users mailing list
 courier-users@lists.sourceforge.net
 Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
 


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system

2007-01-10 Thread Omar Martinez 
Hi,

I'm moving a Suse based server: 3000 accounts, MTA: Sendmail,
passwd/shadow auth. The new server its Fedora Core 6 with
Postfix-Courier-MySQL.


SuSe use Blowfish to save the passwords, but Fedora does not recognize
this kind of encryption. Compiling  libxcrypt and pam_unix2 Fedora can
authorize the passwords in the system, But, still courier-authlib can
recognize the passwd.


Where can I enable BlowFish encryption in courier-authlib ?.

10X in advance by all your suggestions.!


--
Omar Martinez
[EMAIL PROTECTED]

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blowfish for passwd encryption in a postfix-mysql-courier system

2007-01-10 Thread Omar Martinez 

Jay Lee wrote:
 Omar Martinez wrote:
 Hi,

 I'm moving a Suse based server: 3000 accounts, MTA: Sendmail,
 passwd/shadow auth. The new server its Fedora Core 6 with
 Postfix-Courier-MySQL.
   
 Why would you move to a platform that is going to be obsolete in a years
 time?  Fedora is a very bad choice for a server install IMHO.  You'd be
 *much* better off using RHEL4 or CentOS 4.

Yeah, maybe you're right

 SuSe use Blowfish to save the passwords, but Fedora does not recognize
 this kind of encryption. Compiling  libxcrypt and pam_unix2 Fedora can
 authorize the passwords in the system, But, still courier-authlib can
 recognize the passwd.
   
 After the recompile did you try rebuilding Courier-authlib?  Are you
 rebuilding the libxcrypt and pam_unix2 RPMs or are you just building and
 installing them manually?
 Where can I enable BlowFish encryption in courier-authlib ?.
   
 My suspicion is that courier-authlib will use Blowfish if the underlying
 libary *that it was built against *supports blowfish.

I follow your advice, but courier-authlib only can use blowfish crypted
password if the users are in the passwd/shadow file. This is because
authpam use the PAM module, but in the case of authmysql, courier use
the definitions of the file checkpassword.c and checkpasswordmd5.c (only
md5_crypt and md5_hash_courier functions defined in the md5 directory).

I'm working in quickeasy integration of the xcrypt functions in my
courier-auth-lib installation. It will be a solution to my problem, but
could be a start point for the future integration in the package..

If somebody resolve this problem before, I'll be thankful if can share
the solution.

Thanks Jay Lee by your advice...

--
Omar Martinez
[EMAIL PROTECTED]



 
 Jay


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users