On Wed, 10 Sep 2003, Ken Jones wrote: > On Wednesday 10 September 2003 1:14 pm, Mike Miller wrote: > > Wondering if someone can answer this for me. I've got maybe 100 domains > > thus yet using crypt() encryption for passwords, as well as storing clear > > text [for CRAM-MD5 encryption requiring the password]. > > > > If I just install VPOPMAIL with MD5 support, will it detect which domains > > are crypt and which are MD5? > Yes. The crypt() function does that automatically.
This is also somewhat OS dependant. The *BSDs for example have a crypt() that can handle DES, MD5, and Blowfish. I'm successfully using Blowfish (accounts were system account users from OpenBSD) after making the pw_passwd field larger in mysql. Some OSes have a config file for crypt() that will set the default encryption method. "man 3 crypt" should give some indication of how your OS will behave. Charles > > Some of my domains don't have clear text > > passwords because they haven't changed them since before I started saving > > them. Will a simple upgrade make all new passwords MD5 and existing > > passwords crypt for a slow migration? as passwords get updated? I want to > > be able to use both at the same time. > > I have tested that when we first added support to generate MD5 passwords. > I tested it against a domain that had both DES and MD5. > > As far as I know, smtp auth with cram-md5 requires the clear text password. > > Ken Jones > > > > > Thoughts? > > -Mike > > > > _________________________________________________________________ > > The new MSN 8: advanced junk mail protection and 2 months FREE* > > http://join.msn.com/?page=features/junkmail > > >
