[Dovecot] Storing passwords encrypted... bcrypt?
Noel Butler
noel.butler at ausics.net
Thu Jan 5 04:36:38 EET 2012
On Thu, 2012-01-05 at 03:26 +0100, Pascal Volk wrote:
> On 01/05/2012 02:59 AM Noel Butler wrote:
> > We use Crypt::PasswdMD5 -
> > unix_md5_crypt() for all general password storage including mail/ftp
> > etc, except for web, where we need to use apache_md5_crypt().
>
> Huh, why do you need to store passwords in Apaches md5 crypt() format?
>
Because with multiple servers, we store them all in (replicated)
mysql :) (the same with postfix/dovecot).
and as I'm sure you are aware, Apache does not understand standard
crypted MD5, hence why there is the second option of apache_md5_crypt()
> ,--[ Apache config ]--
> | AuthType Basic
> | AuthName "bla …"
> | AuthBasicProvider dbm
> | AuthDBMUserFile /path/2/.htpasswd
> | Require valid-user
> | Order allow,deny
> | Allow from 203.0.113.0/24 2001:db8::/32
> | Satisfy any
> `--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: face-smile.png
Type: image/png
Size: 873 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120105/c7e488eb/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120105/c7e488eb/attachment-0004.bin>
More information about the dovecot
mailing list