prehaps i should be more specific. im using a php4 script to change the
password. basically i do a:
$oldone = crypt($oldpasswd,$emailinfo[0]);
and then compare that crypt to the crypt in the vpopmail database, vpopmail
table, pw_passwd where pw_name='$emailinfo[0]' and
pw_domain='$emailinfo[1]'. emailinfo is an array of the name and domain of
the email address.
here is what php4.net says (abreviated) about crypt:
crypt() will return an encrypted string using the standard Unix DES
encryption method. Arguments are a string to be encrypted and an optional
two-character salt string to base the encryption on.
i found where vpopmail crypts the password:
salt[0] = randltr();
salt[1] = randltr();
salt[2] = 0;
tmpstr = crypt(newpasswd,salt);
i guess i answered my own question. but anyone have any other ideas how to
do this? its feasible to use clear passwords in the database, or to define
the salt as something as opposed to something random and recompile and use
that to crypt the password... any other ideas? what about security
concerns?
charlie
----- Original Message -----
From: "Ken Jones" <[EMAIL PROTECTED]>
To: "Charlie Chrisman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, October 17, 2001 11:28 PM
Subject: Re: mysql crypt seed
> On Wed, 2001-10-17 at 20:52, Charlie Chrisman wrote:
> > what is the seed of the crypt of the password when using mysql
> > authentication? basically i want to write a quick, small script that
will
> > allow users to change their password. thats all...
>
> it doesn't use the mysql crypt/password functions.
> It uses the standard (as of now) unix crypt() function.
> Read through the vpasswd() function. You can find the
> code which creates the password. It's standard stuff.
>
> You could always exec the vpasswd command. Or link in
> a program that calls the vpasswd() api. Or copy the
> code from the library and paste it into your program.
>
> Ken Jones
>
>
>
