[Dovecot] Authentication Problem MD5 hashs

Fabrizio Steiner fabrizio.steiner at vweb.ch
Fri Mar 31 04:43:35 EEST 2006


Hello

I've migrated to dovecot-1.0beta3 and I have taken over the password 
files from an older system. For some reason the md5 hashs have "[" chars 
in the salt.

For example like this $1$[xxxXX[E$bg/d4JdSSf2kTL8sXXxXXX

Now the problem is that in the file src/auth/db-passwd-file.c on line 43 
for libpam-pwdfile compatibility it will be searched for "[" to find the 
type of the password hash. Then only the hash up to this point will be 
used in future for comparing the passwords.

The problem line.
        p = pass == NULL ? NULL : strchr(pass, '[');

I changed the behavior to always use the complete hash out of the file 
because I don't use pam.

Does anyone know if [ chars are allowed in md5 hashs?

Kind Regards
Fabrizio Steiner



More information about the dovecot mailing list