[Dovecot] how authentication works?
Mihamina Rakotomandimby
mihamina at gulfsat.mg
Tue May 18 08:19:37 EEST 2010
> Mihamina Rakotomandimby <mihamina at gulfsat.mg> :
> Now, it's time to move to CRYPT scheme.
>
> Before that, I would like to know how things happen.
> [...]
> Am I close enough to reality? Too far?
I read further and saw:
http://php.net/manual/en/function.crypt.php
The standard DES-based crypt() returns the salt as the first two
characters of the output. It also only uses the first eight characters
of str, so longer strings that start with the same eight characters
will generate the same result (when the same salt is used).
[...]
<?php
$password = crypt('mypassword');
if (crypt($user_input, $password) == $password)
{
    echo "Password verified!";
}
?>
And also:
http://docs.python.org/library/crypt.html
crypt.crypt(word, salt)
word will usually be a user’s password as typed at a prompt or in a
graphical interface. salt is usually a random two-character string
which will be used to perturb the DES algorithm in one of 4096 ways.
The characters in salt must be in the set [./a-zA-Z0-9]. Returns the
hashed password as a string, which will be composed of characters from
the same alphabet as the salt (the first two characters represent the
salt itself).
Since a few crypt(3) extensions allow different values, with different
sizes in the salt, it is recommended to use the full crypted password
as salt when checking for a password.
[...]
import crypt, getpass, pwd

def login():
    username = raw_input('Python login:')
    # Field 1 of the passwd entry is the stored crypt() string
    cryptedpasswd = pwd.getpwnam(username)[1]
    if cryptedpasswd:
        if cryptedpasswd == 'x' or cryptedpasswd == '*':
            raise NotImplementedError(
                "Sorry, currently no support for shadow passwords")
        cleartext = getpass.getpass()
        # The full stored string is passed as salt, then the result compared
        return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
    else:
        return 1
I think it's OK for me, now.
--
IT Architect at Blueline/Gulfsat:
System Administration, Research & Development
+261 3456 000 19
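
Added example, not part of the original post and not Dovecot's code: a small parser showing which leading part of a stored crypt() string acts as the salt when the whole string is passed back to crypt(), and flagging DES-crypt entries, where only the first eight password characters count. It goes beyond the quoted documentation by also recognising the glibc `$1$`, `$5$` and `$6$` formats and an optional `{CRYPT}` prefix; the function names and the sample entries are constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) alphabet, as in the quoted Python docs
# Traditional DES crypt: 2 salt characters followed by 11 digest characters.
DES = re.compile(rf"^({B64}{{2}})({B64}{{11}})$")
# glibc extensions: $id$[rounds=N$]salt$digest, salt up to 16 characters.
MCF = re.compile(rf"^(\$(1|5|6)\$(?:rounds=\d+\$)?{B64}{{1,16}})\$({B64}+)$")
NAMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}


def parse_crypt(stored):
    """Split a stored crypt(3) string into scheme, setting and digest.

    'setting' is the leading part crypt() reads back when the whole stored
    string is passed as its salt argument.
    """
    if stored.startswith("{CRYPT}"):  # optional Dovecot scheme prefix
        stored = stored[len("{CRYPT}"):]
    m = DES.match(stored)
    if m:
        return {"scheme": "DES-crypt", "setting": m.group(1),
                "digest": m.group(2), "truncates_at_8": True}
    m = MCF.match(stored)
    if m:
        return {"scheme": NAMES[m.group(2)], "setting": m.group(1),
                "digest": m.group(3), "truncates_at_8": False}
    return None  # 'x', '*', empty, or a format not handled here


def des_crypt_users(lines):
    """Return users in user:hash[:...] lines whose hash is DES-crypt."""
    weak = []
    for line in lines:
        user, _, rest = line.strip().partition(":")
        info = parse_crypt(rest.split(":", 1)[0])
        if info and info["scheme"] == "DES-crypt":
            weak.append(user)
    return weak


# Constructed sample entries: the shapes are right, the digests are not real
# hashes of any password (the SHA-512 one is also shortened).
SAMPLE = [
    "alice:abJnggxhB/yWI:1000:1000::/home/alice",
    "bob:{CRYPT}$6$rounds=5000$Zk3sPq1x$Qm9vT2hhc2hQbGFjZWhvbGRlcg:1001:1001",
    "carol:*:1002:1002",
]

if __name__ == "__main__":
    print(des_crypt_users(SAMPLE))
```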