POP3: +OK <[EMAIL PROTECTED]> user webmaster +OK pass webmaster00 +OK list
I don't like that at all. You're right. it is comparing to the crypt password. Any way to convert an entire large site of cdb files (probably 150 domains) into MD5? Actually coverting is the wrong word [since you can't do that unless there is clear text passwords], but rather to have it choose between both MD5 and CRYPT passwords (based on length) to migrate from crypt to MD5? I'd love to migrate away from it if this is the type of problems it causes... Then I could just make a script to md5-encrypt where a clear password exists [which is most of them, and in any cases, the accounts which are used]. Has anyone done this? Is it an all-or-nothing game?
From: "Paul L. Allen" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: [vchkpw] Re: SMTP-Auth bug in passwords? Date: Wed, 10 Sep 2003 13:30:27 GMT
Mike Miller writes:
> Nope. Not using MD5 passwords.
That would explain it then. As Tom said, DES-style crypt ignores everything after the first eight characters of the password. MD5-style crypt has a higher limit, from memory I believe it's something like 126.
-- Paul Allen Softflare Support
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail