[Dovecot] Storing passwords encrypted... bcrypt?

Noel Butler noel.butler at ausics.net
Thu Jan 5 09:19:10 EET 2012


On Thu, 2012-01-05 at 04:05 +0100, Pascal Volk wrote: 

> On 01/05/2012 03:36 AM Noel Butler wrote:
> 
> > 
> > Because with multiple servers, we store them all in (replicated)
> > mysql :)  (the same with postfix/dovecot).
> > and as I'm sure you are aware, Apache does not understand standard
> > crypted MD5, hence why there is the second option of apache_md5_crypt()
> 
> Oh, let me guess: You are using Windows, Netware, TPF as OS for your
> web servers? ;-)
> 
> man htpasswd | grep -- '-d  '
>        -d     Use crypt() encryption for passwords. This is not supported by the httpd server on Windows and Netware and TPF.
> 
> 
> As you may have seen in my previous mail, the password is generated
> using crypt(). HTTP Authentication works with that password hash, even
> with the httpd from the ASF.
> 


I think you need to do some homework, and although I now have 3.25 days
of holidays remaining, I don't intend to waste them educating anybody
hehe. Assuming you even know what I'm talking about, which I suspect you
don't since you keep using console commands and things like htpasswd,
which does not write to a mysql db, you don't seem to have comprehended
that I do not work with flat files nor local so it is irrelevant, I use
perl scripts for all systems management, so I hope you are not going to
suggest that I should make a system call when I can do it natively in
perl.

But please, by all means, create a mysql db using a system crpyted md5
password, I'll even help ya, openssl passwd -1  foobartilly

$1$e3a.f3uW$SYRQiMlEhC5XlnSxtxiNC/

pop the entry into the db and go for your life trying to authenticate. 


and when you've gone through half bottle of bourbon trying to figure out
why its not working, try the apache crypted md5 version $apr1$yKxk.DrQ
$ybcmM8mC1qD5t5FvoY9820  

If you stop, and think about what I've said, you just might wake up to
what I've been saying.


Cheers


PS me use windaz? wash your bloody mouth out mister!  ;)   (Slackware
all the way)






-------------- next part --------------
A non-text attachment was scrubbed...
Name: face-wink.png
Type: image/png
Size: 876 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120105/9a20844c/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20120105/9a20844c/attachment-0004.bin>


More information about the dovecot mailing list