Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Jun 19, 2005, at 12:55 PM, Casey Allen Shobe wrote:
> On Sunday 19 June 2005 19:52, Casey Allen Shobe wrote:
>> That works, but that's not useful since none of the client logins
>> (pop3 or imap) update the password file. SMTP logins *do*, but
>> they are considerably more rare...
>
> And many accounts exist for POP3 polling only, and the end user only
> uses one account to SMTP auth with for any address he sends from.

Does dovecot link directly to libvpopmail? If so, did you recompile
dovecot after enabling learn passwords and cleartext passwords in
vpopmail? If not, it's still linked to the old vpopmail code.

--
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com

[vchkpw] Re: smtp auth - md5 & learn pass
Hello Casey,

On Sunday, June 19, 2005 at 9:52:55 PM Casey wrote:
>> printf "[EMAIL PROTECTED]" |vchkpw /usr/bin/env 3<&0
>> - check if environment was printed (should be with correct
>>   password presented)
>> - check 'vpasswd' and 'vpasswd.cdb'.
> That works [...]

If *THAT* works your dovecot must use something else but this 'vchkpw'
you used, or use non-plain authentication (I don't know dovecot, so I
don't know about its capabilities), because else it does nothing
different than printing username-password string to file descriptor 3
of vchkpw and vchkpw then updates vpasswd.

--
Best regards
Peter Palmreuther
A woman is like a dresser ... some man always goin' through her drawers.

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Sunday 19 June 2005 19:52, Casey Allen Shobe wrote:
> That works, but that's not useful since none of the client logins
> (pop3 or imap) update the password file. SMTP logins *do*, but
> they are considerably more rare...

And many accounts exist for POP3 polling only, and the end user only
uses one account to SMTP auth with for any address he sends from.

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Sunday 19 June 2005 13:53, Peter Palmreuther wrote:
> And dovecot is configured to explicitly use 'vchkpw' and 'vchkpw'
> is for sure the version from 'compile with
> --enable-clear-password' build?

Yes, there is only one vchkpw on the system. If it's not using the
correct vchkpw then it's reading the vpasswd files directly.

> printf "[EMAIL PROTECTED]" |vchkpw /usr/bin/env 3<&0
> - check if environment was printed (should be with correct
>   password presented)
> - check 'vpasswd' and 'vpasswd.cdb'.

That works, but that's not useful since none of the client logins
(pop3 or imap) update the password file. SMTP logins *do*, but they
are considerably more rare...

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com

[vchkpw] Re: smtp auth - md5 & learn pass
Hello Casey,

On Sunday, June 19, 2005 at 12:22:05 AM Casey wrote:
> On Saturday 18 June 2005 10:13, Peter Palmreuther wrote:
>> How did you log in? SMTP-AUTH using CRAM-MD5?
> PLAIN with IMAP (dovecot).

And dovecot is configured to explicitly use 'vchkpw' and 'vchkpw' is
for sure the version from 'compile with --enable-clear-password' build?

I'm asking because I used the 'silent convert' myself already several
times and 'fetched' plain text passwords this way to be inserted into
'vpasswd'. Though I haven't used it recently with a current version
(latest I tested with is 5.4.5), but I can't imagine why it should be
broken, as I don't see any index somebody changed something in this
functionality.

You might try this:

- Edit 'vpasswd' to remove clear password
- run 'vmkpasswd $DOMAIN'
- run
    printf "[EMAIL PROTECTED]" |vchkpw /usr/bin/env 3<&0
- check if environment was printed (should be with correct password
  presented)
- check 'vpasswd' and 'vpasswd.cdb'.

If clear text password is present in both now for modified account,
dovecot uses something different than 'vchkpw' you just used.
If not: double and triple check if 'vchkpw' is the same as in build
directory; if so: compile without any '-O' and with '-g2' option and
debug vchkpw e.g. using gdb.

--
Best regards
Peter Palmreuther
Dew knot trussed yore spell checquer two fined awl mistakes.

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Saturday 18 June 2005 10:13, Peter Palmreuther wrote:
> Additionally you should make sure you rebuilt vpasswd.cdb after
> you edited vpasswd, because else vchkpw will still see the clear
> text password in vpasswd.cdb and therefore see no reason to
> update anything. vchkpw does *not* look into vpasswd if
> everything is OK, it just updates clear text password in there if
> it fails to find one in .cdb file.

I rm'd the cdb so that it was rebuilt: this did not help.

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Saturday 18 June 2005 14:32, Sylwester S. Biernacki wrote:
> Casey was talking about mysql not .cdb for user databases.

I certainly was not! I do not wish to use mysql, though I do want to
start using postgresql soon. I will try rm'ing the cdb.

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Saturday 18 June 2005 10:13, Peter Palmreuther wrote:
> How did you log in? SMTP-AUTH using CRAM-MD5?

PLAIN with IMAP (dovecot).

Cheers,
--
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com

Re[2]: [vchkpw] Re: smtp auth - md5 & learn pass
On Saturday, June 18, 2005, 7:06:49 PM, Tom wrote:
> If you're using qmail's pop3 server, you could add some debugging to
> vchkpw.c (and recompile and reinstall it) to do some printfs around
> that code to see why it isn't running.

I love open free software ;P
It's called tchechien debug ;-)

I will check and write everything here tomorrow ;-)

--
regards,
Sylwester Biernacki <[EMAIL PROTECTED]>

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Jun 18, 2005, at 7:32 AM, Sylwester S. Biernacki wrote:
> I've checked in mysql log what happens if I auth via POP3 - vpopmail
> makes select from vpopmail where pw_name='x' and pw_domain='x.com'
> and the connection is being closed. As far as I understand well I
> should get an update to vpopmail pw_clear_passwd field, right ?

I'm not sure why this isn't happening -- here's the relevant code in
vchkpw:

    #ifdef ENABLE_LEARN_PASSWORDS
    #ifdef CLEAR_PASS
      /* User with pw_clear_passwd unset but pw_passwd set
       * should have the pw_clear_passwd field filled in */
      if ( vpw->pw_clear_passwd==NULL||vpw->pw_clear_passwd[0]==0) {
        vpw->pw_clear_passwd = ThePass;
        vauth_setpw(vpw, TheDomain);
      }
    #endif
    #endif

It gets to this code after confirming that the user has a valid
password.

If you're using Courier for POP logins, then it doesn't call vchkpw,
and that's why learn passwords isn't working.

If you're using qmail's pop3 server, you could add some debugging to
vchkpw.c (and recompile and reinstall it) to do some printfs around
that code to see why it isn't running.

--
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com

Re[2]: [vchkpw] Re: smtp auth - md5 & learn pass
On Saturday, June 18, 2005, 4:32:17 PM, Sylwester wrote:
> Casey was talking about mysql not .cdb for user databases.

blah... I've read bad lines:

>>> Nope, doesn't seem to. I rebuilt vpopmail with it enabled, edited
>>> out the cleartext portions of a vpasswd file

sorry for misunderstanding.

--
regs,
Sylwester Biernacki <[EMAIL PROTECTED]>

Re: [vchkpw] Re: smtp auth - md5 & learn pass
On Saturday, June 18, 2005, 12:13:54 PM, Peter wrote:
>>> AFAIR it does exactly what you said.
>> Nope, doesn't seem to. I rebuilt vpopmail with it enabled, edited
>> out the cleartext portions of a vpasswd file, and logged in a bunch
>> of times as that user. No updates to vpasswd. :(
> How did you log in? SMTP-AUTH using CRAM-MD5? If so the clear text
> password can't be added to vpasswd, because the clear text password
> didn't make it to the server. You'll need to authenticate using a
> plain text method, like LOGIN or PLAIN or POP3 login (not using APOP).

I've checked in mysql log what happens if I auth via POP3 - vpopmail
makes select from vpopmail where pw_name='x' and pw_domain='x.com' and
the connection is being closed. As far as I understand well I should
get an update to vpopmail pw_clear_passwd field, right ?

> Additionally you should make sure you rebuilt vpasswd.cdb after you
> edited vpasswd, because else vchkpw will still see the clear text
> password in vpasswd.cdb and therefore see no reason to update
> anything. vchkpw does *not* look into vpasswd if everything is OK, it
> just updates clear text password in there if it fails to find one in
> .cdb file.

Casey was talking about mysql not .cdb for user databases.

--
regards,
Sylwester Biernacki <[EMAIL PROTECTED]>

[vchkpw] Re: smtp auth - md5 & learn pass
Hello Casey,

On Saturday, June 18, 2005 at 10:35:58 AM Casey wrote:
>> AFAIR it does exactly what you said.
> Nope, doesn't seem to. I rebuilt vpopmail with it enabled, edited
> out the cleartext portions of a vpasswd file, and logged in a bunch
> of times as that user. No updates to vpasswd. :(

How did you log in? SMTP-AUTH using CRAM-MD5? If so the clear text
password can't be added to vpasswd, because the clear text password
didn't make it to the server. You'll need to authenticate using a
plain text method, like LOGIN or PLAIN or POP3 login (not using APOP).

Additionally you should make sure you rebuilt vpasswd.cdb after you
edited vpasswd, because else vchkpw will still see the clear text
password in vpasswd.cdb and therefore see no reason to update
anything. vchkpw does *not* look into vpasswd if everything is OK, it
just updates clear text password in there if it fails to find one in
.cdb file.

--
Best regards
Peter Palmreuther
We care a lot about the Garbage Pail Kids, they never lie...

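Added example (not part of the thread and not vpopmail code): a small Python model of why a CRAM-MD5 login can never populate pw_clear_passwd while a PLAIN/LOGIN/POP3 login can, using the same "empty clear field after a valid password" condition as the vchkpw snippet quoted earlier. The Account class and function names are hypothetical, PBKDF2 stands in for the crypt() hash in pw_passwd, and the credentials are the published RFC 2195 sample.

```python
import base64
import hashlib
import hmac

def hash_pw(password, salt):
    # Stand-in for the one-way hash kept in pw_passwd (assumption, not vpopmail's crypt()).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)

class Account:  # hypothetical model of one vpasswd entry
    def __init__(self, name, password, keep_clear):
        self.name = name
        self.salt = b"constructed-salt"
        self.pw_passwd = hash_pw(password, self.salt)
        self.pw_clear_passwd = password if keep_clear else ""

def auth_plain(acct, password, learn=True):
    """PLAIN / LOGIN / POP3 USER+PASS: the cleartext reaches the server."""
    if not hmac.compare_digest(hash_pw(password, acct.salt), acct.pw_passwd):
        return False
    # Same condition as the vchkpw snippet: valid login, clear field still empty.
    if learn and not acct.pw_clear_passwd:
        acct.pw_clear_passwd = password
    return True

def cram_md5_response(user, password, challenge):
    """Client side: only an HMAC-MD5 of the challenge is sent, never the password."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def auth_cram_md5(acct, challenge, response_b64):
    """Server side: needs the stored cleartext to verify, and has nothing to learn."""
    if not acct.pw_clear_passwd:
        return False  # a one-way hash alone cannot recompute the HMAC
    user, _, digest = base64.b64decode(response_b64).rpartition(b" ")
    expected = hmac.new(acct.pw_clear_passwd.encode(), challenge.encode(),
                        hashlib.md5).hexdigest().encode()
    return user == acct.name.encode() and hmac.compare_digest(digest, expected)

def demo():
    chal = "<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 sample challenge
    acct = Account("tim", "tanstaaftanstaaf", keep_clear=False)
    resp = cram_md5_response("tim", "tanstaaftanstaaf", chal)
    before = auth_cram_md5(acct, chal, resp)         # no cleartext stored yet
    still_empty = acct.pw_clear_passwd == ""         # CRAM-MD5 taught the server nothing
    plain_ok = auth_plain(acct, "tanstaaftanstaaf")  # cleartext arrives and is learned
    after = auth_cram_md5(acct, chal, resp)          # now verifiable
    return before, still_empty, plain_ok, after

if __name__ == "__main__":
    print(demo())
```

The learned value is the user's actual password stored recoverably, so the file or table holding pw_clear_passwd needs the same access restrictions as any other cleartext credential store.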