Question about password field in passwd-file
Hello,
I have a question regarding the password field of the passwd-file [1].
According to the wiki, the password field assumes a {SCHEME} of CRYPT when the {SCHEME} is not prefixed to this field.
So, a passwd-file like:
user:password: . . .
… is equivalent to:
user:{CRYPT}password: . . .
Does that mean an example passwd-file with NEITHER {SCHEME} nor password, like:
user@example.com:: . . . (note no scheme or password specified between colons)
… means that the user@example.com user does not have any valid crypted password and therefore the user@example.com user cannot be authenticated?
For example, if I use doveadm to create a null CRYPT password:
$ sudo doveadm pw -s CRYPT -p "" -u user@example.com
… gives the result:
{CRYPT}txR1JRq9140Qk
… which differs from the example password field having NEITHER {SCHEME} nor password, like:
user@example.com:: . . .
… so if I attempt to log on using a null password for user@example.com when nothing is specified in the password field for the passwd-file:
/etc/dovecot/passwd
user@example.com:: . . .
$ sudo doveadm auth test user@example.com
password:
passdb: user@example.com auth failed
… it is impossible to log on as user@example.com with ANY PASSWORD and/or a NULL password?
Thanks,
- J
Sources:
[1] https://wiki2.dovecot.org/AuthDatabase/PasswdFile
You can add the nopassword attribute to the end. See https://wiki.dovecot.org/PasswordDatabase/ExtraFields
---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: J Doe general@nativemethods.com
Date: 07/07/2018 02:39 (GMT+02:00)
To: dovecot@dovecot.org
Subject: Question about password field in passwd-file
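The following audit script is an added example, not part of the original thread or of Dovecot itself. It classifies each passwd-file entry by its password field: explicit {SCHEME}, the CRYPT default discussed above, an empty field (the case whose auth test failed above), or the nopassword attribute, which per the linked extra-fields documentation makes the passdb accept any password. The eight-column field layout and the `nopassword` / `nopassword=y` spellings are assumptions taken from Dovecot's documentation, and the sample entries are constructed.

```python
import re

# Assumed field layout (from Dovecot's passwd-file documentation, not the thread):
# user:password:uid:gid:gecos:home:shell:extra_fields
SCHEME_RE = re.compile(r"^\{([^}]+)\}(.*)$")

def classify(line, default_scheme="CRYPT"):
    """Return (user, scheme, status) for one entry, or None for blanks/comments."""
    line = line.rstrip("\r\n")
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    fields = line.split(":", 7)  # keep the extra-fields column intact
    user = fields[0]
    pw = fields[1] if len(fields) > 1 else ""
    extra = fields[7].split() if len(fields) > 7 else []
    # Assumption: the attribute may be written "nopassword" or "nopassword=y".
    nopassword = any(e.split("=", 1)[0] == "nopassword" for e in extra)
    m = SCHEME_RE.match(pw)
    if m:
        scheme, secret = m.group(1).upper(), m.group(2)
    else:
        # No {SCHEME} prefix: a non-empty field is treated as CRYPT.
        scheme, secret = (default_scheme if pw else None), pw
    if nopassword:
        status = "ANY_PASSWORD_ACCEPTED"
    elif not secret:
        status = "NO_USABLE_PASSWORD"
    else:
        status = "OK"
    return user, scheme, status

def audit(text):
    """Return only the entries an administrator should review."""
    rows = (classify(l) for l in text.splitlines())
    return [r for r in rows if r and r[2] != "OK"]

# Constructed sample; hashes are placeholders, not real crypt output.
SAMPLE = """\
# constructed passwd-file
alice@example.com:{SHA512-CRYPT}$6$PLACEHOLDER$PLACEHOLDER::::::
bob@example.com:PLACEHOLDERHASH::::::
user@example.com:::::::
kiosk@example.com:::::::nopassword=y
"""

if __name__ == "__main__":
    for user, scheme, status in audit(SAMPLE):
        print(f"{status:22} {user} scheme={scheme}")
```

Run it against a copy of the real passwd-file to list accounts that either cannot authenticate or accept any password before the file goes live.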
participants (2)
- Aki Tuomi
- J Doe