Hello
I've migrated to dovecot-1.0beta3 and I have taken over the password
files from an older system. For some reason the md5 hashs have "["
chars
in the salt.
For example like this $1$[xxxXX[E$bg/d4JdSSf2kTL8sXXxXXX
Now the problem is that in the file src/auth/db-passwd-file.c on line 43
for libpam-pwdfile compatibility it will be searched for "[" to find
the
type of the password hash. Then only the hash up to this point will be
used in future for comparing the passwords.
The problem line.
p = pass == NULL ? NULL : strchr(pass, '[');
I changed the behavior to always use the complete hash out of the file
because I don't use pam.
Does anyone know if [ chars are allowed in md5 hashs?
Kind Regards
Fabrizio Steiner
On Fri, 2006-03-31 at 03:43 +0200, Fabrizio Steiner wrote:> I've migrated to dovecot-1.0beta3 and I have taken over the password > files from an older system. For some reason the md5 hashs have "[" chars > in the salt. > > For example like this $1$[xxxXX[E$bg/d4JdSSf2kTL8sXXxXXX > > Now the problem is that in the file src/auth/db-passwd-file.c on line 43 > for libpam-pwdfile compatibility it will be searched for "[" to find the > type of the password hash. Then only the hash up to this point will be > used in future for comparing the passwords.Hmm. The whole pam-passwd-file compatibility is probably useless.. Well, I'll just fix the check to be better for now.