[Dovecot] how authentication works?

Mihamina Rakotomandimby mihamina at gulfsat.mg
Tue May 18 08:19:37 EEST 2010


> Mihamina Rakotomandimby <mihamina at gulfsat.mg> :
> Now, it's time to move to CRYPT scheme.
>
> Before that, I would like to know how things happen.
> [...]
> Am I close enough to reality? Too far?

I read further and saw:
  http://php.net/manual/en/function.crypt.php
  The standard DES-based crypt() returns the salt as the first two
  characters of the output. It also only uses the first eight characters
  of str, so longer strings that start with the same eight characters
  will generate the same result (when the same salt is used).
  [...]
  <?php
  $password = crypt('mypassword');
  if (crypt($user_input, $password) == $password) 
  {
   echo "Password verified!";
  }
  ?>

And also:
  http://docs.python.org/library/crypt.html
  crypt.crypt(word, salt)
  word will usually be a user’s password as typed at a prompt or in a
  graphical interface. salt is usually a random two-character string
  which will be used to perturb the DES algorithm in one of 4096 ways.
  The characters in salt must be in the set [./a-zA-Z0-9]. Returns the
  hashed password as a string, which will be composed of characters from
  the same alphabet as the salt (the first two characters represent the
  salt itself).
  Since a few crypt(3) extensions allow different values, with different
  sizes in the salt, it is recommended to use the full crypted password
  as salt when checking for a password.
  [...]
  def login():
    username = raw_input('Python login:')
    cryptedpasswd = pwd.getpwnam(username)[1]
    if cryptedpasswd:
        if cryptedpasswd == 'x' or cryptedpasswd == '*':
            raise NotImplementedError(
                "Sorry, currently no support for shadow passwords")
        cleartext = getpass.getpass()
        return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
    else:
        return 1

I think it's OK for me, now.


-- 
                    IT Architect at Blueline/Gulfsat:
        System Administration, Research & Development
                                     +261 3456 000 19
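
The check both manual excerpts describe (pass the whole stored hash back as the salt, let crypt read the setting out of it, compare the result), as an added example that is not part of the original post or of Dovecot. `crypt_setting`, `toy_crypt` and `verify` are hypothetical names, and `toy_crypt` is a constructed SHA-256 stand-in for crypt(3), not a real scheme, used so the example runs without the platform's crypt library; it goes beyond the quoted text by also parsing the `$1$`/`$5$`/`$6$` modular formats.

```python
import hashlib
import hmac
import re

# Traditional DES crypt: 2-char salt, optionally followed by 11 hash chars.
DES_RE = re.compile(r"[./0-9A-Za-z]{2}(?:[./0-9A-Za-z]{11})?")
MODULAR_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}


def crypt_setting(stored):
    """Return (scheme, setting): the prefix crypt() reads back when a bare
    salt or a whole stored hash is passed as its salt argument."""
    if stored.startswith("$"):
        parts = stored.split("$")      # ['', id, [rounds=N,] salt, hash]
        if len(parts) < 4 or parts[1] not in MODULAR_IDS:
            raise ValueError("unsupported modular hash")
        return MODULAR_IDS[parts[1]], stored[: stored.rfind("$") + 1]
    if DES_RE.fullmatch(stored):
        return "DES", stored[:2]       # salt is the first two characters
    raise ValueError("not a crypt hash (for example an 'x' or '*' placeholder)")


def toy_crypt(word, salt):
    """Constructed stand-in for crypt(3), not a real scheme: it copies only
    the interface (setting echoed as output prefix, DES using 8 characters)."""
    scheme, setting = crypt_setting(salt)
    if scheme == "DES":
        word = word[:8]                # later characters are ignored
    digest = hashlib.sha256((setting + word).encode()).hexdigest()
    return setting + digest[:11]


def verify(candidate, stored, crypt_fn=toy_crypt):
    """Re-hash the candidate with the stored hash as salt, then compare."""
    try:
        crypt_setting(stored)
    except ValueError:
        return False                   # unparseable field never matches
    rehashed = crypt_fn(candidate, stored)
    return hmac.compare_digest(rehashed.encode(), stored.encode())


if __name__ == "__main__":
    des = toy_crypt("mypassword", "ab")             # constructed sample values
    sha = toy_crypt("mypassword", "$6$saltsalt$")
    print(verify("mypassword", des), verify("mypasswoXYZ", des))
    print(verify("mypassword", sha), verify("mypasswoXYZ", sha))
```

With the DES-style entry, any candidate sharing the first eight characters verifies, which is the truncation the PHP manual excerpt warns about; the modular entry does not have that property.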

