[Dovecot] SQL passdb lookups not working
Benjamin Montgomery
bmontgom at montynet.org
Sun Aug 14 18:19:25 EEST 2011
Just in case someone else runs into this...
I solved the problem that I described below by switching the password
encoding to base64. Also, with Django, you have to monkey patch (based
on info from [1]) the set_password function in
django.contrib.auth.models.User. You also have to use a UserProfile
like described at [2]. Code below goes in models.py for your project.
import hashlib
import base64
from django.contrib.auth.models import User

# UserProfile is the profile model defined in this models.py (see [2]).

# Save original User set_password method
orig_set_password = User.set_password

def set_password(user, raw_password):
    # The profile needs a saved user to point at
    if user.id is None:
        user.save()
    # Use the original method to set the django User password:
    orig_set_password(user, raw_password)
    userprofile, created = UserProfile.objects.get_or_create(user=user)
    # Save the salt and sha digest in the correct format for dovecot
    m = hashlib.sha1()
    # Django stores the password as <algo>$<salt>$<hash>; reuse its salt
    userprofile.salt = user.password.split('$')[1]
    m.update(raw_password)
    m.update(userprofile.salt)
    # base64 of the raw digest followed by the salt
    userprofile.shadigest = base64.b64encode(m.digest() + userprofile.salt)
    userprofile.save()

# Replace the method with the custom set_password
User.set_password = set_password
[1] https://github.com/jedie/PyLucid/blob/master/pylucid_project/apps/pylucid/models/userprofile.py
[2] https://docs.djangoproject.com/en/1.3/topics/auth/#storing-additional-information-about-users
On 8/7/2011 12:53 PM, Benjamin Montgomery wrote:
> Hello everyone,
>
> I'm trying to make dovecot do user authentication against a SQL
> database. The passwords (managed by Django) are stored as salted SHA1
> encoded in hex. I monkey patched Django's password method so that the
> password hash is made with <password><salt> (Django does
> <salt><password>, the patched method was verified to return same value
> as dovecotpw) and the passwords are stored in the database separately as
> the salted hash and the salt. When I query the values out of the
> database, I'm using MySQL's concat function to return the password as
> {SSHA.hex}<sha1 hash><salt>. Dovecot is not able to verify any passwords
> right now. I've scoured the wiki and I think my setup is
> correct...config info is below. Any advice on where to look for
> debugging or setup of my passwords would be appreciated!
>
> Ben
>
>
> dovecot-sql.conf:
>
> default_pass_scheme = SSHA.hex
>
> password_query = \
> SELECT emailmanager_emailaddresses.account AS username, \
> emailmanager_domain.name AS domain, \
> CONCAT('{SSHA.hex}', \
> emailmanager_userprofile.shadigest, \
> emailmanager_userprofile.salt \
> ) AS password \
> FROM emailmanager_emailaddresses \
> JOIN emailmanager_domain ON emailmanager_emailaddresses.id = emailmanager_domain.id \
> JOIN emailmanager_userprofile ON emailmanager_emailaddresses.id = emailmanager_userprofile.id \
> WHERE emailmanager_emailaddresses.account = '%n' \
> AND emailmanager_domain.name = '%d'
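
Added example (Python 3, not code from the original post and not Dovecot's own): a small model of the salted-SHA1 value the fix above stores, used to check it in both encodings and against the CONCAT form from the quoted query. It assumes the .hex form hex-encodes the same digest-plus-salt bytes that the base64 form encodes; the function names, password and salts are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest


def encode_ssha(password: bytes, salt: bytes, encoding: str = "b64") -> str:
    """Build SHA1(password + salt) + salt, then encode the whole value."""
    raw = hashlib.sha1(password + salt).digest() + salt
    if encoding == "hex":
        return "{SSHA.hex}" + binascii.hexlify(raw).decode("ascii")
    return "{SSHA}" + base64.b64encode(raw).decode("ascii")


def verify_ssha(stored: str, password: bytes) -> bool:
    """Decode the stored value, split digest from salt, recompute, compare."""
    try:
        if stored.startswith("{SSHA.hex}"):
            raw = binascii.unhexlify(stored[len("{SSHA.hex}"):])
        elif stored.startswith("{SSHA}"):
            raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
        else:
            return False
    except ValueError:  # binascii.Error is a ValueError: bad or odd-length input
        return False
    if len(raw) <= SHA1_LEN:  # no salt bytes after the digest
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(expected, digest)


def concat_like_query(password: bytes, salt: bytes) -> str:
    """Mimic CONCAT('{SSHA.hex}', <hex digest>, <salt text>) from the quoted query."""
    hexdigest = hashlib.sha1(password + salt).hexdigest()
    return "{SSHA.hex}" + hexdigest + salt.decode("ascii")


if __name__ == "__main__":
    pw = b"s3cret-example"              # constructed sample password
    for salt in (b"a1b2c", b"a1b2c3"):  # constructed sample salts
        print(salt, "b64:", verify_ssha(encode_ssha(pw, salt), pw),
              "hex:", verify_ssha(encode_ssha(pw, salt, "hex"), pw),
              "concat:", verify_ssha(concat_like_query(pw, salt), pw))
```

Under that assumption the concatenated form fails for both sample salts: the five-character salt leaves an odd-length hex string, and the six-character one decodes to three bytes that are not the ASCII salt that went into the hash.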