[Dovecot] Authentication Problem MD5 hashs
Hello
I've migrated to dovecot-1.0beta3 and I have taken over the password files from an older system. For some reason the md5 hashs have "[" chars in the salt.
For example like this $1$[xxxXX[E$bg/d4JdSSf2kTL8sXXxXXX
Now the problem is that in the file src/auth/db-passwd-file.c on line 43 for libpam-pwdfile compatibility it will be searched for "[" to find the type of the password hash. Then only the hash up to this point will be used in future for comparing the passwords.
The problem line. p = pass == NULL ? NULL : strchr(pass, '[');
I changed the behavior to always use the complete hash out of the file because I don't use pam.
Does anyone know if [ chars are allowed in md5 hashs?
Kind Regards Fabrizio Steiner
On Fri, 2006-03-31 at 03:43 +0200, Fabrizio Steiner wrote:
I've migrated to dovecot-1.0beta3 and I have taken over the password files from an older system. For some reason the md5 hashs have "[" chars in the salt.
For example like this $1$[xxxXX[E$bg/d4JdSSf2kTL8sXXxXXX
Now the problem is that in the file src/auth/db-passwd-file.c on line 43 for libpam-pwdfile compatibility it will be searched for "[" to find the type of the password hash. Then only the hash up to this point will be used in future for comparing the passwords.
Hmm. The whole pam-passwd-file compatibility is probably useless.. Well, I'll just fix the check to be better for now.
participants (2)
-
Fabrizio Steiner
-
Timo Sirainen