[Dovecot] bug in 99.13-rc2 in ldap md5 patch

Farkas Levente lfarkas at bppiac.hu
Wed Dec 29 13:15:02 EET 2004


Timo Sirainen wrote:
> On Wed, 2004-12-29 at 11:40 +0100, Farkas Levente wrote:
> 
>>>Hmm. That's a bit kludgy fix since then {PLAIN-MD5} would work
>>>differently with LDAP. Maybe I'll just remove the special case from
>>>password-scheme.c instead?
>>
>>no this way it's correct. ldap's md5 is equal with plain-md5. in the 
>>scheme you should recognize it and use the plain-md5 algorithm.
>>anyway it works for me with openldap and md5;-)
> 
> 
> Um. LDAP's MD5 = base64-encoded, Dovecot's PLAIN-MD5 = hex-encoded I
> think. So with your patch it would be impossible to use hex-encoded MD5
> passwords in LDAP because it decodes {PLAIN-MD5} in base64.
> 
> I think the LDAP kludges should affect only that if {MD5} password
> doesn't begin with $1$, it would be assumed to be base64-encoded MD5
> password.

may be. i just patch the original patch to work. but as i debug dovecot 
it seems the auth process first reach passdb-ldap.c's line 111 as scheme 
== PLAIN-MD5 (where the password is converted) and just after that 
password-scheme.c's line 190... so the schema already plain-md5 in 
passdb-ldap.c and without my patch it's not working:-(

-- 
   Levente                               "Si vis pacem para bellum!"



More information about the dovecot mailing list