Mike Miller writes: > Any way to convert an entire large site of cdb files (probably > 150 domains) into MD5? Actually coverting is the wrong word [since you > can't do that unless there is clear text passwords], but rather to have it > choose between both MD5 and CRYPT passwords (based on length) to migrate > from crypt to MD5?
I don't know how vpopmail handles this. If it was written correctly then on most recent releases of *nix then both types of crypted password in the same cdb ought to be possible. DES crypt requires two characters of salt chosen from A-Za-z0-9./ while MD5 crypt requires eight characters from the same character set prefixed by $1$. The wrong way to code things is to examine the crypted password (which starts with whatever salt has been used) and figure out whether it's DES or MD5, extract the appropriate amount of salt and pass that with the plaintext password to crypt and see if the result matches the crypted password. The really wrong way to code it is to fix at compile time what type of crypt should be used when validating passwords. The right way to code this is to use the crypted password itself, in its entirety, as the salt for crypting the plaintext password when you validate the password. Versions of crypt which support MD5 also support using the entirety of the crypted password as salt and then figure out how much of that really is salt without you having to bother. Do it this way and both types of crypted password can be used in the same file even though when passwords are set or modified they will be converted to whichever type of crypt you said you wanted to use. If vpopmail does it that way then you can happily turn on MD5, with existing passwords continuing to work and new or changed passwords being MD5 crypted. If vpopmail doesn't do it that way then you have problems until the next release appears. -- Paul Allen Softflare Support
