[Dovecot] Bug in Dovecot 1.0.5 - CRYPT-MD5 not working
Jim Salter
jim at jrs-s.net
Wed Dec 31 04:43:18 EET 2008
Timo, you were correct. Apache's htpasswd version of MD5 does not
interoperate with either CRYPT or MD5-CRYPT.
Vpopmail's vpasswd files *do* interoperate properly with either CRYPT or
with MD5-CRYPT. Apparently I fat-fingered a copy and paste earlier when
testing, hence my mistaken impression that the migrated hashes worked
with CRYPT but not with MD5-CRYPT. Sorry for the confusion, and thanks
for the help!
-J
Timo Sirainen wrote:
> On Dec 31, 2008, at 1:50 AM, Jim Salter wrote:
>
>> Hrm. OK, not arguing, just curious: where is the MD5-CRYPT standard
>> defined?
>
> I don't think it's a real standard. It's just something that libcs
> started implementing. I think OpenBSD did it first and then others
> started copying.
>
>> Worth noting that the (Apache?) standard in question is also the one
>> used in vpopmail vpasswd.cdb files (authdb vpopmail, userdb vpopmail).
>
> Would it work if you simply changed $apr1$ to $1$? I can't really see
> why $apr1$ would otherwise work in glibc. I just checked its sources
> and also Ubuntu patches. There's no mention of apr1 in them.
>
More information about the dovecot
mailing list