Re: [vchkpw] password generation - vpopmail table - pw_passwd
Hello Remo, hello all, I know that vadduser will do that, but I want to generate just the password so that I can insert it solely into the vpopmail mysl-database. I other words I don´t want to make ./vadduser ... first, I just want generate thi user in my database. Is taht working? Regs, Oliver Vadduser -r With the new version that will generate the passwd for the user. Remo Hello list, I have vpopmail -with-mysql installation. In which way passwords are storedin the vpopmail table under pw_passwd? How can I generate such passwords from commandline? Regs, Oliver Etzel
[vchkpw] [OT?] QmailAdmin and Ezmlm-idx
Sorry if this is the wrong list... I couldn't find an appropriate list for qmailadmin and the ezmlm list will only tell you that you shouldn't be using a web interface. :-) After successfully troubleshooting a couple of problems, I've now got ezmlm-idx installed and delivering mail just fine, but it doesn't seem to be recognizing the options for a moderated list and posting by members only. If I do an ls-l on ~vpopmail/domains/domain_name/list_name/ before and after I change options using qmailadmin, I can see the timestamp updated, but ezmlm-idx still doesn't restrict posting or hold the message for moderator approval. When I applied the idx patches to ezmlm it didn't give me any errors or anything indicating there was a problem. Is there something I'm missing? TIA, Jacob - GnuPG Key: 1024D/16377135 I prefer an OS made by programmers that need marketing that an OS made by marketing that need programmers... http://www.linux.org pgp0.pgp Description: PGP signature
Re: [vchkpw] Problems with 5.3.29
hi tom! already gone? i have a problem with the pop auth... i get for every user a pop access denied.. it's not apop. i have compiled without the roaming-user option. greets Martin -- Martin Kos Handy +41-76-384-93-33 http://kos.li/ICQ# 13556143Fax +49-89-244-323-681 Say NO to HTML in mail Proudly running Debian GNU/Linux. See http://www.debian.org/
Re: [vchkpw] Problems with 5.3.29
On Saturday 25 October 2003 01:45, Martin Kos wrote: hi tom! already gone? i have a problem with the pop auth... i get for every user a pop access denied.. it's not apop. i have compiled without the roaming-user option. even when you telnet to 110? please give us the exact error message, and provide us with some more information about your setup (mysql/cdb/...?) -- Mit internetten Grüßen / Best Regards --- Justin Heesemannionium Technologies [EMAIL PROTECTED]www.ionium.org
Re: [vchkpw] Problems with 5.3.29
On Sat, 25 Oct 2003, Justin Heesemann wrote: even when you telnet to 110? yes vchkpw-pop3: pop access denied [EMAIL PROTECTED]:10.1.0.13 please give us the exact error message, and provide us with some more information about your setup (mysql/cdb/...?) i'm using vpopmail with mysql. i have compiled vpopmail with: ./configure --enable-apop=y --enable-mysql=y --enable-learn-passwords=y --enable-logging=v --enable-mysql-logging=y --enable-auth-logging=y --enable-libdir=/usr/lib i'll try to disable apop and see what happens. greets Martin -- Martin Kos Handy +41-76-384-93-33 http://kos.li/ICQ# 13556143Fax +49-89-244-323-681 Say NO to HTML in mail Proudly running Debian GNU/Linux. See http://www.debian.org/
Re: [vchkpw] password generation - vpopmail table - pw_passwd
On Friday 24 October 2003 10:57, Oliver Etzel - GoodnGo.COM (R) wrote: Hello Remo, hello all, I know that vadduser will do that, but I want to generate just the password so that I can insert it solely into the vpopmail mysl-database. I other words I don´t want to make ./vadduser ... first, I just want generate thi user in my database. basically vpopmail uses your systems crypt function. just have a look at the other passwords created by the vpasswd function. do they start with $1$ ? then they are probably md5 crypted passwords. if they don't, then they are probably normal des crypted passwords. (you can check that with `grep MD5_PASSWORDS /path/to/vpopmail/source/config.h`) i don't now if you are using php or anything like that, but most languages support some kind of crypt() call. -- Mit internetten Grüßen / Best Regards --- Justin Heesemannionium Technologies [EMAIL PROTECTED]www.ionium.org
Re: [vchkpw] Problems with 5.3.29
On Saturday 25 October 2003 02:04, Martin Kos wrote: On Sat, 25 Oct 2003, Justin Heesemann wrote: even when you telnet to 110? yes vchkpw-pop3: pop access denied [EMAIL PROTECTED]:10.1.0.13 please give us the exact error message, and provide us with some more information about your setup (mysql/cdb/...?) i'm using vpopmail with mysql. i have compiled vpopmail with: ./configure --enable-apop=y --enable-mysql=y --enable-learn-passwords=y --enable-logging=v --enable-mysql-logging=y --enable-auth-logging=y --enable-libdir=/usr/lib i'll try to disable apop and see what happens. and which version did you update from? are you still able to add new users/domains ? -- Mit internetten Grüßen / Best Regards --- Justin Heesemannionium Technologies [EMAIL PROTECTED]www.ionium.org
Re: [vchkpw] Problems with 5.3.29
On Sat, 25 Oct 2003, Justin Heesemann wrote: and which version did you update from? .27 or .28, i'm not sure :-( are you still able to add new users/domains ? yes, works just fine. but i can't login via POP with the new created user :-( i've tried to do a fresh compile withou apop, but that doesn't make a difference. Martin -- Martin Kos Handy +41-76-384-93-33 http://kos.li/ICQ# 13556143Fax +49-89-244-323-681 Say NO to HTML in mail Proudly running Debian GNU/Linux. See http://www.debian.org/
[vchkpw] Re: password generation - vpopmail table - pw_passwd
Justin Heesemann writes: i don't now if you are using php or anything like that, but most languages support some kind of crypt() call. It is debatable what level of entropy is required for the salt when generating a password for vpopmail use. If you want maximum security, and already require the use of only the SSL forms of POP, IMAP and webmail access, and are completely paranoid that some rogue system user might just somehow find a loophole that allows access to the MySQL database, then you probably want high-entropy salt. But don't forget to switch off the plain text password feature. If you have the plain text password feature enabled, then you probably don't run a server belonging to the US military, the CIA or the NSA. You probably trust all your system users sufficiently and/or you are not too worried about passwords being stolen because you know your users will choose incredibly stupid passwords that crack can find in a couple of minutes. Basically, if you have plain text passwords enabled the entropy of the salt is irrelevant and you might as well use the same DES-style salt for each password. Nevertheless, there is a simple way of generating crypted passwords which just happens to have reasonably high-entropy salt (assuming the people who wrote certain portions of your flavour of Unix were competent) which is appropriate in either situation. Create a system user without shell access. Use passwd to set that user's password. Copy the crypted password in /etc/shadow into your MySQL table. It's relatively painless to do and guarantees good entropy on the salt if you happen to need it. You could even automate it with a little perl if you're feeling lazy. Which reminds me. I haven't got around to playing with the newer vpopmails with password generation (the release I'm using does everything I must have while later releases have bugs in areas that affect the must-have stuff). Does it use /dev/random or /dev/urandom if available? Does it use a sensible method of reducing the 0-255 range that /dev/random or /dev/urandom or rand() (spit) return into the salt range or does it do something silly that biases the results? If Knuth's descriptions of his algorithms for mapping random bytes to a reduced range leave you with brain-ache (they do me) then simply discarding any byte outside the range and getting another one is a reasonable approach with /dev/random and /dev/urandom. -- Paul Allen Softflare Support
