I am looking for PHP functions that implement passwords that much the dovecotpw implementation. I downloaded one from PEAR, Crypt_HMAC, but the passwords it generates look nothing like the dovecotpw passwords, which could be my fault because I know nothing about the field. Is there a guide or some library that implements them to match dovecotpw?
On Mon, 2007-03-19 at 14:54 +0000, Frank Church wrote:> > I am looking for PHP functions that implement passwords that much the > dovecotpw implementation. > > I downloaded one from PEAR, Crypt_HMAC, but the passwords it > generates look nothing like the dovecotpw passwords, which could be my > fault because I know nothing about the field. > > Is there a guide or some library that implements them to match > dovecotpw?Are there any specific password schemes that you want to use? All the MD5 and SHA1 passwords should be easy to implement. If you want CRAM-MD5, I'm not aware of any non-C implementation of it. It's not the same as HMAC-MD5 for which there are some libraries. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070319/a9d38938/attachment.bin>
On 3/19/07, Frank Church <voipfc at googlemail.com> wrote:> I am looking for PHP functions that implement passwords that much the > dovecotpw implementation. > > I downloaded one from PEAR, Crypt_HMAC, but the passwords it > generates look nothing like the dovecotpw passwords, which could be my > fault because I know nothing about the field. >All libraries/utilities I know generate an HMAC-MD5 string (32bytes). Dovecot uses HMAC-MD5-CONTEXTs (64bytes) for CRAM-MD5 authentication. See also: http://www.dovecot.org/list/dovecot/2006-December/018083.html Chris
On 19/03/07, Frank Church <voipfc at googlemail.com> wrote:> I am looking for PHP functions that implement passwords that much the > dovecotpw implementation. > > I downloaded one from PEAR, Crypt_HMAC, but the passwords it > generates look nothing like the dovecotpw passwords, which could be my > fault because I know nothing about the field. > > Is there a guide or some library that implements them to match dovecotpw? >After some further experimenting and checking the logs I managed to discover the problem. Setting the default_pass_scheme in /etc/dovecot/sql.conf fixed the problem Apparently the password scheme used by PostfixAdmin is the MD5-CRYPT type, but I suspect there could be still some issues with password comparision generation in some of its other modules /etc/dovecot/sql.conf ====================default_pass_scheme = MD5-CRYPT