On Aug 27, 2004, at 10:33 AM, Jeremy Kister wrote:
What was used to generate the $1 salt for the original crypted
passwords?

your software.

~vpopmail/bin/vadduser [EMAIL PROTECTED] asdf, on Solaris 2.7 sparc vpopmail
5.4.6

Your server's crypt() doesn't support MD5 passwords. You will need to rebuild vpopmail with the --disable-md5-passwords option.


If you compiled with clear password support, you might want to use your Perl skills to go through each vpasswd file and replace the current encrypted password with a new one (using a valid salt). If you delete the vpasswd.cdb file afterward, it should get regenerated automatically (try doing a vuserinfo on the postmaster account to see if that triggers regeneration).

Sorry about the bug.  Thanks for pointing it out to us though.

Here's a patch I'm adding to vpopmail to fall back to using a non-MD5 salt if the host's crypt() doesn't handle MD5.

--- vpopmail.c  19 Aug 2004 05:42:35 -0000      1.28.2.7
+++ vpopmail.c  27 Aug 2004 17:55:49 -0000
@@ -606,6 +606,19 @@
   tmpstr = crypt(clearpass,salt);
   if ( tmpstr == NULL ) return(VA_CRYPT_FAILED);

+#ifdef MD5_PASSWORDS
+  /* Make sure this host's crypt supports MD5 passwords.  If not,
+   * fall back on old-style crypt
+   */
+  if (tmpstr[2] != '$') {
+    salt[0] = randltr();
+    salt[1] = randltr();
+    salt[2] = 0;
+    tmpstr = crypt(clearpass,salt);
+    if ( tmpstr == NULL ) return(VA_CRYPT_FAILED);
+  }
+#endif
+
   strncpy(crypted,tmpstr, ssize);
   return(VA_SUCCESS);
 }
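Review bot: in the `if (tmpstr[2] != '$')` branch the fallback to a two-character salt happens silently, so an administrator who built with MD5_PASSWORDS ends up with traditional crypt() hashes and no indication of it. Traditional crypt() uses only the first eight characters of the password, so this is a real downgrade; consider logging a warning at this point that refers to rebuilding with --disable-md5-passwords. The test also inspects a single byte: comparing the prefix with `strncmp(tmpstr, "$1$", 3) != 0` would state the intent directly and would not read index 2 of a result shorter than three bytes.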

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/
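The clean-up suggested in the message above (finding the vpasswd entries whose hash was made with an invalid salt) can be started with an audit like the following. This is an added example, not part of the original message or of vpopmail; it assumes colon-separated vpasswd lines with the crypted password in field 2 and the optional clear password in field 8, and the function names and sample lines are constructed for illustration.

```python
import re

# Traditional crypt() salts and hashes use only this alphabet.
DES_CHARS = r"[./0-9A-Za-z]"
MD5_RE = re.compile(r"^\$1\$[^$]{1,8}\$" + DES_CHARS + r"{22}$")
DES_RE = re.compile(r"^" + DES_CHARS + r"{13}$")
# A crypt() without MD5 support treats "$1" as a two-character salt and
# returns 13 characters that start with "$1" but have no '$' at index 2,
# the same condition the patch tests with tmpstr[2] != '$'.
BROKEN_RE = re.compile(r"^\$1" + DES_CHARS + r"{11}$")

def classify_hash(field):
    """Label one crypted-password field by its format."""
    if MD5_RE.match(field):
        return "md5"
    if BROKEN_RE.match(field):
        return "broken-md5-salt"
    if DES_RE.match(field):
        return "des"
    return "unknown"

def audit_vpasswd(lines):
    """Return (user, hash kind, clear password present) per entry."""
    results = []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        # Assumed layout: user:crypt:uid:gid:gecos:dir:quota[:clear]
        # maxsplit keeps any ':' inside the clear password intact.
        fields = line.split(":", 7)
        if len(fields) < 7:
            results.append((fields[0], "malformed", False))
            continue
        has_clear = len(fields) == 8 and fields[7] != ""
        results.append((fields[0], classify_hash(fields[1]), has_clear))
    return results

# Constructed sample entries (not real accounts or real hashes).
SAMPLE = [
    "postmaster:$1Xk9.dQ2rT/a:1:0:Postmaster:/home/vpopmail/domains/example.com/postmaster:NOQUOTA:asdf",
    "alice:$1$Zq3xLm9p$0123456789abcdefghijkl:1:0:Alice:/home/vpopmail/domains/example.com/alice:NOQUOTA:",
    "bob:abJnggxhB/yWI:1:0:Bob:/home/vpopmail/domains/example.com/bob:NOQUOTA",
]

if __name__ == "__main__":
    for user, kind, has_clear in audit_vpasswd(SAMPLE):
        print(f"{user:12} {kind:16} clear={'yes' if has_clear else 'no'}")
```

Entries reported as `broken-md5-salt` with a clear password present can be re-crypted with a valid salt; those without one need a password reset.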


