What was used to generate the $1 salt for the original crypted passwords?
your software.
~vpopmail/bin/vadduser [EMAIL PROTECTED] asdf, on Solaris 2.7 sparc vpopmail
5.4.6
Your server's crypt() doesn't support MD5 passwords. You will need to rebuild vpopmail with the --disable-md5-passwords option.
If you compiled with clear password support, you might want to use your Perl skills to go through each vpasswd file and replace the current encrypted password with a new one (using a valid salt). If you delete the vpasswd.cdb file afterward, it should get regenerated automatically (try doing a vuserinfo on the postmaster account to see if that triggers regeneration).
Sorry about the bug. Thanks for pointing it out to us though.
Here's a patch I'm adding to vpopmail to fall back to using a non-MD5 salt if the host's crypt() doesn't handle MD5.
--- vpopmail.c 19 Aug 2004 05:42:35 -0000 1.28.2.7 +++ vpopmail.c 27 Aug 2004 17:55:49 -0000 @@ -606,6 +606,19 @@ tmpstr = crypt(clearpass,salt); if ( tmpstr == NULL ) return(VA_CRYPT_FAILED);
+#ifdef MD5_PASSWORDS
+ /* Make sure this host's crypt supports MD5 passwords. If not,
+ * fall back on old-style crypt
+ */
+ if (tmpstr[2] != '$') {
+ salt[0] = randltr();
+ salt[1] = randltr();
+ salt[2] = 0;
+ tmpstr = crypt(clearpass,salt);
+ if ( tmpstr == NULL ) return(VA_CRYPT_FAILED);
+ }
+#endif
+
strncpy(crypted,tmpstr, ssize);
return(VA_SUCCESS);
}-- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
