[Dovecot] Storing passwords encrypted... bcrypt?

Noel Butler noel.butler at ausics.net
Thu Jan 5 04:36:38 EET 2012


On Thu, 2012-01-05 at 03:26 +0100, Pascal Volk wrote:

> On 01/05/2012 02:59 AM Noel Butler wrote:
> > We use  Crypt::PasswdMD5 -
> > unix_md5_crypt()  for all general password storage including mail/ftp
> > etc, except for web, where we need to use apache_md5_crypt().
> 
> Huh, why do you need to store passwords in Apaches md5 crypt() format?
> 


Because with multiple servers, we store them all in (replicated)
mysql :)  (the same with postfix/dovecot).
and as I'm sure you are aware, Apache does not understand standard
crypted MD5, hence why there is the second option of apache_md5_crypt()



> ,--[ Apache config ]--
> | AuthType Basic
> | AuthName "bla …"
> | AuthBasicProvider dbm
> | AuthDBMUserFile /path/2/.htpasswd
> | Require valid-user
> | Order allow,deny
> | Allow from 203.0.113.0/24 2001:db8::/32
> | Satisfy any
> `--


-------------- next part --------------
A non-text attachment was scrubbed...
Name: face-smile.png
Type: image/png
Size: 873 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120105/c7e488eb/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120105/c7e488eb/attachment-0004.bin>


More information about the dovecot mailing list