[vchkpw]passwrod encrypted method
sirplz also tell me in the response mail ,how can i fix the SALT with vpopmailSALT,to get same encrypted passwd value ,like vpopmail.also tell me about " SEGMENTATION FAULT"thankswait for ur reply.
Re: [vchkpw]passwrod encrypted method
Hello zafar, On Tuesday, August 27, 2002 at 5:07:58 PM you wrote: plz also tell me in the response mail ,how can i fix the SALT with vpopmail SALT,to get same encrypted passwd value ,like vpopmail. You don't want the same SALT every time. You don't want the same SALT as already used in vpasswd. SALT is intended to be different every time a password is created / encrypted and only reused for _checking_ the password by password checking routines as vchkpw. The SALT the given PHP-functions use is build the same way vpopmail does: '$1$' + 5 random characters + '0' So syntactically and functionally password generated by example PHP functions are equal to vpopmail-encrypted passwords. also tell me about SEGMENTATION FAULT What to tell you about 'segmentation fault'??? Read yourself what a 'segmentation fault' is: http://www.c-for-dummies.com/lessons/linux/01/ Why 'vmkpasswd' generates this segmentation fault? /I don't know/. After you've read the document above you'll probably understand why there ain't a 'Formular F()' answer. You did not even wrote what version of vpopmail you're using, so maybe this is already fixed in a newer version?!? Who knows. Additionally I asked you to do a 'strace' call. I've seen no output yet, hard to tell you what _might_ go wrong. Next question is: you seem to change passwords from webserver. Are you sure access permissions are correct and webserver user is allowed to 1.) change 'vpasswd' ? 2.) call vmkpasswd to generate vpasswd.cdb ? Remember: only 'root' and 'vpopmail' are allowed to write to 'vpasswd.cdb', so if your webserver is e.g. running as 'nobody' you can't succeed without using 'sudo' mechanisms. If all fails and you're unable to debug and break it down to a concrete cause of error: don't generate passwords your self, don't write them to vpasswd and don't run vmkpasswd manually. Write a wrapper script that calls 'vpasswd' directly via 'sudo' mechanism. Syntax for calling 'vpasswd' is vpasswd e-mail-address password So to change password for '[EMAIL PROTECTED]' to 'john_doe-foo_bar' the syntax is: vpasswd [EMAIL PROTECTED] john_doe-foo_bar -- Best regards Peter Palmreuthermailto:[EMAIL PROTECTED]
Re: [vchkpw]passwrod encrypted method
Hello zafar, On Tuesday, August 27, 2002 at 7:07:57 AM you wrote: sir i do everything according to ur instruction.i found a error when i run vmkpasswd command of segmentation fault. Assuming you're running a flavor of Linux: Open a command line, chdir to domains directory (~vpopmail/domains/domain) and run strace -o /tmp/vmkpasswd.log -s 128 vmkpasswd domain mail the content of /tmp/vmkpasswd -- Best regards Peter Palmreuthermailto:[EMAIL PROTECTED]
[vchkpw]passwrod encrypted method
hello i want to know that thing ,that when new user add in throughvpopmail in any domain ,what algorithum vpopmailis use to encrypt password and now i want to decrypt itthrough php.plz tell me the encrypted method of vpopmail.i install it with clear password option also.wait for ur reply.thanks
Re: [vchkpw]passwrod encrypted method
Hello zafar,
On Monday, August 26, 2002 at 10:04:27 AM you wrote:
i want to know that thing ,that when new user add in through vpopmail in
any domain ,what algorithum vpopmail is use to encrypt password
crypt with MD5
and now i want to decrypt it through php.
Impossible. It's a one way encryption. Decryption is not possible.
plz tell me the encrypted method of vpopmail.
To encrypt passwords using PHP, e.g. to write them to a database (like if
you're using vpopmail w/ MySQL and want users to change the password from
your web site) you can use the following code:
,-= [ adopted from vpopmail-source ] =-
?php
function randltr() {
$retval = 'a';
$rand = rand() % 64;
if ($rand 26) $retval = $rand + 'a';
if ($rand 25) $retval = $rand - 26 + 'A';
if ($rand 51) $retval = $rand - 52 + '0';
if ($rand == 62) $retval = ';';
if ($rand == 63) $retval = '.';
return($retval);
}
function mkpasswd3($clearpass, $crypted) {
srand ((double)microtime()*100);
$salt = '$1$';
for ($i = 0; $i 5; $i++) $salt .= randltr();
$salt .= '0';
$crypted = crypt($clearpass, $salt);
if (strlen($crypted) 0) return(true);
return(false);
}
?
`-=
and call the functions like in this example:
,-= [ ] =-
$clearpass = 'testtest'
$crypted = '';
if (mkpasswd3($clearpass, $crypted)) printf(%s - %s\n, $clearpass, $crypted);
else echo(Ohoh);
`-=
To figure out if MD5-support is compiled into your PHP execute this code:
,-= [ test for MD5 encryption support ] =-
?php
printf('CRYPT_MD5: %s%s', CRYPT_MD5, \n);
?
`-=
i install it with clear password option also.
You won't need to decrypt if clear-password is enabled. The clear password
then will be already present.
But you'll have to remember updating encrypted _AND_ clear password if you
use above PHP functions!!!
--
Best regards
Peter Palmreuthermailto:[EMAIL PROTECTED]
Re: [vchkpw]passwrod encrypted method
sir
thanks for the reply.
i follow ur instructions and generate different encrypted password
values.but that encrypted password is not matched with oldone encrypt by
vpopmail (it is correct or not)tell me about this also,
i try it with this pattern.
$clearpass = 'zafar'
$crypted = '';
and resulted encrypted passwd paste on the vpasswd file in the respected
domain file.but user login it with the old password i overwrite the
encrypted and clear passwd.but it can't work.
plz tell me which file it use for getting password, and where i change
must,will change confirm.
plz tell me .
thanks for the again reply.
ok wait for ur reply.
- Original Message -
From: Peter Palmreuther [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 26, 2002 3:51 PM
Subject: Re: [vchkpw]passwrod encrypted method
Hello zafar,
On Monday, August 26, 2002 at 10:04:27 AM you wrote:
i want to know that thing ,that when new user add in through vpopmail in
any domain ,what algorithum vpopmail is use to encrypt password
crypt with MD5
and now i want to decrypt it through php.
Impossible. It's a one way encryption. Decryption is not possible.
plz tell me the encrypted method of vpopmail.
To encrypt passwords using PHP, e.g. to write them to a database (like if
you're using vpopmail w/ MySQL and want users to change the password from
your web site) you can use the following code:
,-= [ adopted from vpopmail-source ] =-
?php
function randltr() {
$retval = 'a';
$rand = rand() % 64;
if ($rand 26) $retval = $rand + 'a';
if ($rand 25) $retval = $rand - 26 + 'A';
if ($rand 51) $retval = $rand - 52 + '0';
if ($rand == 62) $retval = ';';
if ($rand == 63) $retval = '.';
return($retval);
}
function mkpasswd3($clearpass, $crypted) {
srand ((double)microtime()*100);
$salt = '$1$';
for ($i = 0; $i 5; $i++) $salt .= randltr();
$salt .= '0';
$crypted = crypt($clearpass, $salt);
if (strlen($crypted) 0) return(true);
return(false);
}
?
`-=
and call the functions like in this example:
,-= [ ] =-
$clearpass = 'testtest'
$crypted = '';
if (mkpasswd3($clearpass, $crypted)) printf(%s - %s\n, $clearpass,
$crypted);
else echo(Ohoh);
`-=
To figure out if MD5-support is compiled into your PHP execute this code:
,-= [ test for MD5 encryption support ] =-
?php
printf('CRYPT_MD5: %s%s', CRYPT_MD5, \n);
?
`-=
i install it with clear password option also.
You won't need to decrypt if clear-password is enabled. The clear password
then will be already present.
But you'll have to remember updating encrypted _AND_ clear password if you
use above PHP functions!!!
--
Best regards
Peter Palmreuthermailto:[EMAIL PROTECTED]
Re: [vchkpw]passwrod encrypted method
Hello zafar, On Monday, August 26, 2002 at 3:16:32 PM you wrote: i follow ur instructions and generate different encrypted password values.but that encrypted password is not matched with oldone encrypt by vpopmail (it is correct or not) Yes, this is correct. Encrypted passwords will differ each time, as the 'SALT' is different each time. Encrypting the password with same SALT will produce same encrypted string. But as salt is chosen (more or less) randomly each time you call the functions this will produce different output patterns. and resulted encrypted passwd paste on the vpasswd file in the respected domain file.but user login it with the old password i overwrite the encrypted and clear passwd.but it can't work. Than the new password ain't used. If something would be wrong with encryption functions the user would _not_ be able to log in, neither with new nor with old password. If user can still log in after you've tried to set the new password you were not successful in setting the new password. Did you only set the password in 'vpasswd' file or did you recreate 'vpasswd.cdb' after changing the password? vmkpasswd $domain should be your command. -- Best regards Peter Palmreuthermailto:[EMAIL PROTECTED]
Re: [vchkpw]passwrod encrypted method
hello i change in the vpasswd file and try to check it without handling vpasswd.cdb file, r i remove it first and then change it. or something else i do. thanks for the command but i want that i read this file and change the passwd in this file. tell me little detail for doing, i have some confusion thanks for the cooperation. wait for ur reply. - Original Message - From: Peter Palmreuther [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 26, 2002 6:21 PM Subject: Re: [vchkpw]passwrod encrypted method Hello zafar, On Monday, August 26, 2002 at 3:16:32 PM you wrote: i follow ur instructions and generate different encrypted password values.but that encrypted password is not matched with oldone encrypt by vpopmail (it is correct or not) Yes, this is correct. Encrypted passwords will differ each time, as the 'SALT' is different each time. Encrypting the password with same SALT will produce same encrypted string. But as salt is chosen (more or less) randomly each time you call the functions this will produce different output patterns. and resulted encrypted passwd paste on the vpasswd file in the respected domain file.but user login it with the old password i overwrite the encrypted and clear passwd.but it can't work. Than the new password ain't used. If something would be wrong with encryption functions the user would _not_ be able to log in, neither with new nor with old password. If user can still log in after you've tried to set the new password you were not successful in setting the new password. Did you only set the password in 'vpasswd' file or did you recreate 'vpasswd.cdb' after changing the password? vmkpasswd $domain should be your command. -- Best regards Peter Palmreuthermailto:[EMAIL PROTECTED]
Re: [vchkpw]passwrod encrypted method
Hello zafar, On Monday, August 26, 2002 at 4:48:52 PM you wrote: i change in the vpasswd file and try to check it without handling vpasswd.cdb file, r i remove it first and then change it. or something else i do. thanks for the command but i want that i read this file and change the passwd in this file. 'Something else' is the wrong doing. You should do exactly what vpopmail expects you to do: - change the (encrypted and plain text) password in 'vpasswd'. - run vmkpasswd $domain (substitute '$domain' with name of the domain you're processing the vpasswd file for) The former will make changes in the file readable by human beings like you, the latter will transport the changes to binary file (vpasswd.cdb) used by 'vchkpw' for authenticating user. You will _have to_ do both steps, unless you're familiar with using cdb library and changing vpasswd.cdb directly by yourself (I assume you're not). So again: assuming domain name is 'test.com' and username to change the password for is 'user' you'll have to change the line corresponding to 'user' in file '~vpopmail/domains/test.com/vpasswd' and set the new password, both encrypted and plain text. Then you'll have to execute 'vmkpasswd test.com' for changes getting manifested in '~vpopmail/domains/vpasswd.cdb' which is used by 'vchkpw' to do (normal) POP3 authentication. -- Best regards Peter Palmreuthermailto:[EMAIL PROTECTED]
Re: [vchkpw]passwrod encrypted method
hello sir thanks for mailing. sir i do everything according to ur instruction.i found a error when i run vmkpasswd command of segmentation fault.i do't understand that error. r u have any information about that error. plz tell me the solution of this error. thanks with regards - Original Message - From: Peter Palmreuther [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 26, 2002 7:18 PM Subject: Re: [vchkpw]passwrod encrypted method Hello zafar, On Monday, August 26, 2002 at 4:48:52 PM you wrote: i change in the vpasswd file and try to check it without handling vpasswd.cdb file, r i remove it first and then change it. or something else i do. thanks for the command but i want that i read this file and change the passwd in this file. 'Something else' is the wrong doing. You should do exactly what vpopmail expects you to do: - change the (encrypted and plain text) password in 'vpasswd'. - run vmkpasswd $domain (substitute '$domain' with name of the domain you're processing the vpasswd file for) The former will make changes in the file readable by human beings like you, the latter will transport the changes to binary file (vpasswd.cdb) used by 'vchkpw' for authenticating user. You will _have to_ do both steps, unless you're familiar with using cdb library and changing vpasswd.cdb directly by yourself (I assume you're not). So again: assuming domain name is 'test.com' and username to change the password for is 'user' you'll have to change the line corresponding to 'user' in file '~vpopmail/domains/test.com/vpasswd' and set the new password, both encrypted and plain text. Then you'll have to execute 'vmkpasswd test.com' for changes getting manifested in '~vpopmail/domains/vpasswd.cdb' which is used by 'vchkpw' to do (normal) POP3 authentication. -- Best regards Peter Palmreuthermailto:[EMAIL PROTECTED]
