On Wed, 10 Sep 2003, Ken Jones wrote:
> On Wednesday 10 September 2003 1:14 pm, Mike Miller wrote:
> > Wondering if someone can answer this for me. I've got maybe 100 domains
> > thus yet using crypt() encryption for passwords, as well as storing clear
> > text [for CRAM-MD5 encryption requiring the password].
> > If I just install VPOPMAIL with MD5 support, will it detect which domains
> > are crypt and which are MD5?
> Yes. The crypt() function does that automatically.
This is also somewhat OS dependent. The *BSDs for example have a crypt()
that can handle DES, MD5, and Blowfish. I'm successfully using Blowfish
(accounts were system account users from OpenBSD) after making the
pw_passwd field larger in MySQL.
Some OSes have a config file for crypt() that will set the default
encryption method. "man 3 crypt" should give some indication of how your
OS will behave.
> > Some of my domains don't have clear text
> > passwords because they haven't changed them since before I started saving
> > them. Will a simple upgrade make all new passwords MD5 and existing
> > passwords crypt for a slow migration as passwords get updated? I want to
> > be able to use both at the same time.
> I have tested that when we first added support to generate MD5 passwords.
> I tested it against a domain that had both DES and MD5.
> As far as I know, smtp auth with cram-md5 requires the clear text password.
> Ken Jones
> > Thoughts?
> > -Mike
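The scheme detection discussed in this thread is driven by the prefix and length of the stored hash string. As an added example (not code from the thread or from vpopmail), the following audits stored pw_passwd values by format and flags hashes cut short by a too-narrow column. The 40-character column width, user names and sample hash strings are constructed assumptions.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by the crypt() hash encodings below
# Full-string patterns for the three schemes named in the thread.
PATTERNS = {
    "des-crypt": re.compile(rf"^{B64}{{13}}$"),                    # 2 salt + 11 hash
    "md5-crypt": re.compile(rf"^\$1\$[^$]{{0,8}}\${B64}{{22}}$"),   # $1$salt$hash
    "bcrypt":    re.compile(rf"^\$2[abxy]?\$\d{{2}}\${B64}{{53}}$"),  # $2a$cost$salt+hash
}
MAX_LEN = {"des-crypt": 13, "md5-crypt": 34, "bcrypt": 60}

def classify(stored):
    """Return (scheme, well_formed) for one stored hash string."""
    if stored.startswith("$1$"):
        scheme = "md5-crypt"
    elif re.match(r"^\$2[abxy]?\$", stored):
        scheme = "bcrypt"
    elif not stored.startswith("$"):
        scheme = "des-crypt"   # traditional crypt() has no "$" prefix
    else:
        return ("unknown", False)
    return (scheme, bool(PATTERNS[scheme].match(stored)))

def audit(rows, column_width):
    """Count schemes, list malformed rows, and name schemes the column cannot hold."""
    counts, malformed, too_wide = {}, [], set()
    for user, stored in rows:
        scheme, ok = classify(stored)
        counts[scheme] = counts.get(scheme, 0) + 1
        if not ok:
            malformed.append(user)   # e.g. silently truncated on INSERT
        if MAX_LEN.get(scheme, 0) > column_width:
            too_wide.add(scheme)
    return {"counts": counts, "malformed": malformed, "too_wide": sorted(too_wide)}

# Constructed sample rows: placeholder characters, not real password hashes.
DES = "ab" + "k" * 11
MD5 = "$1$saltsalt$" + "m" * 22
BCRYPT = "$2a$08$" + "b" * 53
ROWS = [("alice", DES), ("bob", MD5), ("carol", BCRYPT), ("dave", BCRYPT[:40])]

if __name__ == "__main__":
    print(audit(ROWS, column_width=40))  # 40 is an assumed width, not vpopmail's
```

A row reported as malformed still carries its scheme prefix, so crypt() would select the right algorithm and then fail every login for that account; widening the column does not repair such rows, the password has to be set again.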