On Friday, November 7, 2003, at 06:54 PM, Anders Brander wrote:
Making use of /dev/urandom and/or /dev/random will be high on our
priority list for the 5.5 development series.
You wan't patches? That would be a nice project for little me...
Yep, if you can come up with a patch that checks for the
Hejsa,
On Fri, 2003-11-07 at 00:21, Tom Collins wrote:
> > Narrowing the possible scope for each letter to 64 from some larger
> > group but increasing the entropy that goes into selecting each
> > character seems like a good idea to me.
> Remember that we're only selecting 8 random characters
On Friday, November 7, 2003, at 02:27 AM, Nick Harring wrote:
I'd even consider modifying the random password generator to not use
letters that can be confused with each other (1/I/l and 0/O).
That'd be foolish in the extreme. If the user, or administrator, wants
passwords that are "easy to reme
Tom Collins wrote:
On Tuesday, November 4, 2003, at 05:40 AM, Nick Harring wrote:
Actually, this is already a right place to put this, which is in
randltr. Oddly that's what's used for generating the salt, but not
what's used for generating the password. Instead the password just
uses an ugly
On Tuesday, November 4, 2003, at 05:40 AM, Nick Harring wrote:
Actually, this is already a right place to put this, which is in
randltr. Oddly that's what's used for generating the salt, but not
what's used for generating the password. Instead the password just
uses an ugly rand call.
I'd chang
Nick Harring writes:
> Storing cleartext passwords is generally horrible security, so this and
> that don't really relate to each other.
Except to the extent that vpopmail now supports cleartext passwords
(I have a vague memory they're needed for CRAM authentication)
> I whole heartedly agree.
Nick Harring wrote:
This is the Right Thing imho. It might be easier though to move the
srandom()/random() and new reads from /dev/urandom into a function of
its own, rather than replacing them whereever they're sprinkled
through the code. I realize that's even more work, but its probably
more
Paul L. Allen wrote:
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
Better than what you have, but
I'm going to try to answer both you and Tom at the same time. One of
the few times I didn't bother checking mail at least once after finishing
on Friday night and I have over 300 waiting for me on Monday morning.
Nick Harring writes:
> Tom Collins wrote:
> > For generating a salt, I think we're
Tom Collins wrote:
On Tuesday, October 28, 2003, at 02:42 AM, Paul L. Allen wrote:
Ummm, some quick digging later and the situation is worse than I
thought.
Not only does vpopmail use rand(), it initializes srand with a variant
of time(NULL) ^ getpid(). time(NULL) ^ getpid() has long been know
On Tuesday, October 28, 2003, at 02:42 AM, Paul L. Allen wrote:
Ummm, some quick digging later and the situation is worse than I
thought.
Not only does vpopmail use rand(), it initializes srand with a variant
of time(NULL) ^ getpid(). time(NULL) ^ getpid() has long been known to
not be a good wa
Oliver Etzel - GoodnGo.COM \(R\) writes:
> Oh my god, that is what I was looking for!
There is a lesson to be learned. Next time, tell us where your immediate
problem stands in the overall scheme of things. Something like "I'm
trying to add a user from perl by inserting them into the MySQL dat
Nick Harring writes:
> This isn't actually true. Mysql provides an encrypt() function, which
> takes two strings, the password and the salt.
You learn something every day. I'd not enountered that function before.
> On linux, and I would guess *BSD as well, when you supply $1$ as the
> start of
[EMAIL PROTECTED]>
> Sent: Monday, October 27, 2003 7:36 AM
> Subject: Re: [vchkpw] Re: Inserting new users via mysql-insert into
the
> vpopmail database
>
>
> > Hello Rainer,
> >
> > a perl-module for vpopmail. YES. Is it in CPAN?
> > How is it called?
> >
Oliver Etzel - GoodnGo.COM \(R\):
> a perl-module for vpopmail. YES. Is it in CPAN?
> How is it called?
It's not that hard, is it?
http://www.google.com/search?q=perl+vpopmail
Second hit.
It's in CPAN. Just do a search for vpopmail in CPAN and you will find it.
-John
- Original Message -
From: "Oliver Etzel - GoodnGo.COM (R)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 27, 2003 7:36 AM
Subject: Re: [vchkpw] Re: Inserting
Hello Rainer,
a perl-module for vpopmail. YES. Is it in CPAN?
How is it called?
Oliver
> Also, there is also a PERL-module for vpopmail !
>
> It exposes almost all commands via an API.
>
> And if that isn't enought, you can compile PHP with
vpopmail-support.
>
>
>
>
> cheers,
> Rainer
>
>
>
D]>
> Sent: Monday, October 27, 2003 7:13 AM
> Subject: Re: [vchkpw] Re: Inserting new users via mysql-insert into
the
> vpopmail database
>
>
> > Hello John,
> >
> > what exactly is the "learn password" option?
> >
> > Oliver
> >
> &g
Oliver Etzel - GoodnGo.COM (R) writes:
Hello Paul, hello all,
Oh my god, that is what I was looking for!
Also, there is also a PERL-module for vpopmail !
It exposes almost all commands via an API.
And if that isn't enought, you can compile PHP with vpopmail-support.
cheers,
Rainer
Hello Paul, hello all,
Oh my god, that is what I was looking for!
Thank you very much. I thought I couldnĀ“t write it all in one
commandline, like you Paul showed us.
Now I write my perl-script for automation. Thank you ALL.
> vadduser has always allowed the plaintext password to be specified
> o
t;[EMAIL PROTECTED]>
To: "John Johnson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, October 27, 2003 7:14 AM
Subject: [vchkpw] Re: Inserting new users via mysql-insert into the vpopmail
database
>
> John Johnson writes:
>
> > He can also enabl
Hello Paul, hello all,
Oh my god, that is what I was looking for!
Thank you very much. I thought I could write it all in one
commandline#
Know I write my perl-script for automation. Thank you ALL.
Oliver
> vadduser has always allowed the plaintext password to be specified
> on the command line a
ROTECTED]>
To: "John Johnson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, October 27, 2003 7:13 AM
Subject: Re: [vchkpw] Re: Inserting new users via mysql-insert into the
vpopmail database
> Hello John,
>
> what exactly is the "learn password&qu
Paul L. Allen wrote:
Oliver Etzel - GoodnGo.COM \(R\) writes:
I want to create new users like [EMAIL PROTECTED] NOT with vadduser
BUT with just inserting it via mysql-insert into the vpopmail
database.
OK, you have now explained what you want to use instead. Somebody
Oliver Etzel - GoodnGo.COM \(R\) writes:
> Paul: The reason why I do NOT want vadduser or any commandline tool is
> that I want to write a perl script which automatize user generation.
>
> Cool would would be If one could run:
> vadduser $variable_password
> or something like this in
> Perl or P
You can do with with Perl's "system" or "exec" calls, and I'm sure that
PHP has equivalent calls as well. Just call the binary from your script.
Why not use the product as its architected? Sheez!
> Hello Paul, hello all,
>
> Paul: The reason why I do NOT want vadduser or any commandline tool
Hello Paul, hello all,
Paul: The reason why I do NOT want vadduser or any commandline tool is
that I want to write a perl script which automatize user generation.
Cool would would be If one could run:
vadduser $variable_password
or something like this in
Perl or PHP code!
Regs,
Oliver Etzel
>
John Johnson writes:
> He can also enable the learn password option in vpopmail, I think
> this would be an easy way to deal with it myself.
It's hard to tell since he didn't say why he wanted to do it in the
first place. The problems with the learn password option are that there
is a window o
"Paul L. Allen" <[EMAIL PROTECTED]>
> To: "Oliver Etzel - GoodnGo.COM (R)" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, October 27, 2003 6:47 AM
> Subject: [vchkpw] Re: Inserting new users via mysql-insert into the
vpopmail
> datab
ECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, October 27, 2003 6:47 AM
Subject: [vchkpw] Re: Inserting new users via mysql-insert into the vpopmail
database
>
> Oliver Etzel - GoodnGo.COM \(R\) writes:
>
> > I want to create new users like [EMAIL PROTECTED] NOT with vadduser
Oliver Etzel - GoodnGo.COM \(R\) writes:
> I want to create new users like [EMAIL PROTECTED] NOT with vadduser
> BUT with just inserting it via mysql-insert into the vpopmail
> database.
OK, you have now explained what you want to use instead. Somebody else
pointed out that the maildir will be
age-
>From: Paul L. Allen [mailto:[EMAIL PROTECTED]
>Sent: Monday, 27 October 2003 10:08 PM
>To: [EMAIL PROTECTED]
>Subject: [vchkpw] Re: Inserting new users via mysql-insert
>into the vpopmail database
>
>
>
>Oliver Etzel - GoodnGo.COM \(R\) writes:
>
>> I want to
Hello list,
I have vpopmail -with-mysql installation.
I want to create new users like [EMAIL PROTECTED] NOT with vadduser
BUT with just inserting it via mysql-insert into the vpopmail
database.
Any hints,
how I can generate the encrypted password in the column pw_passwd
(looks like this $1$S
Oliver Etzel - GoodnGo.COM \(R\) writes:
> I want to create new users like [EMAIL PROTECTED] NOT with vadduser
Why would you not want to use vadduser?
> BUT with just .
With just what?
> Any hints,
> how I can generate the encrypted password in the column pw_passwd
> (looks like this $1$S/TP
34 matches
Mail list logo