Hejsa,
On Fri, 2003-11-07 at 00:21, Tom Collins wrote:
Narrowing the possible scope for each letter to 64 from some larger
group but increasing the entropy that goes into selecting each
character seems like a good idea to me.
Remember that we're only selecting 8 random characters --
On Friday, November 7, 2003, at 06:54 PM, Anders Brander wrote:
Making use of /dev/urandom and/or /dev/random will be high on our
priority list for the 5.5 development series.
You wan't patches? That would be a nice project for little me...
Yep, if you can come up with a patch that checks for the
On Tuesday, November 4, 2003, at 05:40 AM, Nick Harring wrote:
Actually, this is already a right place to put this, which is in
randltr. Oddly that's what's used for generating the salt, but not
what's used for generating the password. Instead the password just
uses an ugly rand call.
I'd
Tom Collins wrote:
On Tuesday, November 4, 2003, at 05:40 AM, Nick Harring wrote:
Actually, this is already a right place to put this, which is in
randltr. Oddly that's what's used for generating the salt, but not
what's used for generating the password. Instead the password just
uses an
On Friday, November 7, 2003, at 02:27 AM, Nick Harring wrote:
I'd even consider modifying the random password generator to not use
letters that can be confused with each other (1/I/l and 0/O).
That'd be foolish in the extreme. If the user, or administrator, wants
passwords that are easy to
On Tuesday, October 28, 2003, at 02:42 AM, Paul L. Allen wrote:
Ummm, some quick digging later and the situation is worse than I
thought.
Not only does vpopmail use rand(), it initializes srand with a variant
of time(NULL) ^ getpid(). time(NULL) ^ getpid() has long been known to
not be a good
Tom Collins wrote:
On Tuesday, October 28, 2003, at 02:42 AM, Paul L. Allen wrote:
Ummm, some quick digging later and the situation is worse than I
thought.
Not only does vpopmail use rand(), it initializes srand with a variant
of time(NULL) ^ getpid(). time(NULL) ^ getpid() has long been
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
Tom Collins wrote:
For generating a salt, I think we're
Paul L. Allen wrote:
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
Better than what you have,
Nick Harring wrote:
This is the Right Thing imho. It might be easier though to move the
srandom()/random() and new reads from /dev/urandom into a function of
its own, rather than replacing them whereever they're sprinkled
through the code. I realize that's even more work, but its probably
Nick Harring writes:
Storing cleartext passwords is generally horrible security, so this and
that don't really relate to each other.
Except to the extent that vpopmail now supports cleartext passwords
(I have a vague memory they're needed for CRAM authentication)
I whole heartedly agree.
Hello list,
I have vpopmail -with-mysql installation.
I want to create new users like [EMAIL PROTECTED] NOT with vadduser
BUT with just inserting it via mysql-insert into the vpopmail
database.
Any hints,
how I can generate the encrypted password in the column pw_passwd
(looks like this
: Paul L. Allen [mailto:[EMAIL PROTECTED]
Sent: Monday, 27 October 2003 10:08 PM
To: [EMAIL PROTECTED]
Subject: [vchkpw] Re: Inserting new users via mysql-insert
into the vpopmail database
Oliver Etzel - GoodnGo.COM \(R\) writes:
I want to create new users like [EMAIL PROTECTED
Oliver Etzel - GoodnGo.COM \(R\) writes:
I want to create new users like [EMAIL PROTECTED] NOT with vadduser
BUT with just inserting it via mysql-insert into the vpopmail
database.
OK, you have now explained what you want to use instead. Somebody else
pointed out that the maildir will be
Etzel - GoodnGo.COM (R) [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, October 27, 2003 6:47 AM
Subject: [vchkpw] Re: Inserting new users via mysql-insert into the
vpopmail
database
Oliver Etzel - GoodnGo.COM \(R\) writes:
I want to create new users like [EMAIL PROTECTED
Hello Paul, hello all,
Paul: The reason why I do NOT want vadduser or any commandline tool is
that I want to write a perl script which automatize user generation.
Cool would would be If one could run:
vadduser $variable_password
or something like this in
Perl or PHP code!
Regs,
Oliver Etzel
You can do with with Perl's system or exec calls, and I'm sure that
PHP has equivalent calls as well. Just call the binary from your script.
Why not use the product as its architected? Sheez!
Hello Paul, hello all,
Paul: The reason why I do NOT want vadduser or any commandline tool is
Paul L. Allen wrote:
Oliver Etzel - GoodnGo.COM \(R\) writes:
I want to create new users like [EMAIL PROTECTED] NOT with vadduser
BUT with just inserting it via mysql-insert into the vpopmail
database.
OK, you have now explained what you want to use instead. Somebody
]
To: John Johnson [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, October 27, 2003 7:13 AM
Subject: Re: [vchkpw] Re: Inserting new users via mysql-insert into the
vpopmail database
Hello John,
what exactly is the learn password option?
Oliver
He can also enable the learn password option
Johnson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, October 27, 2003 7:14 AM
Subject: [vchkpw] Re: Inserting new users via mysql-insert into the vpopmail
database
John Johnson writes:
He can also enable the learn password option in vpopmail, I think
this would be an easy way
Hello Paul, hello all,
Oh my god, that is what I was looking for!
Thank you very much. I thought I couldnĀ“t write it all in one
commandline, like you Paul showed us.
Now I write my perl-script for automation. Thank you ALL.
vadduser has always allowed the plaintext password to be specified
on
Oliver Etzel - GoodnGo.COM (R) writes:
Hello Paul, hello all,
Oh my god, that is what I was looking for!
Also, there is also a PERL-module for vpopmail !
It exposes almost all commands via an API.
And if that isn't enought, you can compile PHP with vpopmail-support.
cheers,
Rainer
Message -
From: Paul L. Allen [EMAIL PROTECTED]
To: Oliver Etzel - GoodnGo.COM (R) [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, October 27, 2003 6:47 AM
Subject: [vchkpw] Re: Inserting new users via mysql-insert into
the
vpopmail
database
Oliver Etzel
Hello Rainer,
a perl-module for vpopmail. YES. Is it in CPAN?
How is it called?
Oliver
Also, there is also a PERL-module for vpopmail !
It exposes almost all commands via an API.
And if that isn't enought, you can compile PHP with
vpopmail-support.
cheers,
Rainer
It's in CPAN. Just do a search for vpopmail in CPAN and you will find it.
-John
- Original Message -
From: Oliver Etzel - GoodnGo.COM (R) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 27, 2003 7:36 AM
Subject: Re: [vchkpw] Re: Inserting new users via mysql-insert
Nick Harring writes:
This isn't actually true. Mysql provides an encrypt() function, which
takes two strings, the password and the salt.
You learn something every day. I'd not enountered that function before.
On linux, and I would guess *BSD as well, when you supply $1$ as the
start of
Oliver Etzel - GoodnGo.COM \(R\) writes:
Oh my god, that is what I was looking for!
There is a lesson to be learned. Next time, tell us where your immediate
problem stands in the overall scheme of things. Something like I'm
trying to add a user from perl by inserting them into the MySQL
27 matches
Mail list logo