On 15/08/2017 22:23, Noel Butler wrote:> On 15/08/2017 21:25, voytek at sbt.net.au wrote: > >> On Tue, August 15, 2017 8:03 pm, Sami Ketola wrote: >> On 15 Aug 2017, at 2.50, voytek at sbt.net.au wrote: >> >> how do I generate hashed string from my password ? >> use this sql command: >> >> GRANT SELECT ON vmail TO 'vmail'@'127.0.0.1' IDENTIFIED BY >> PASSWORD('yourpassword'); >> >> or if you just want to see the hash: >> >> SELECT PASSWORD('yourpassword'); > > Sami, thanks > > I'm running in circles here.. I thought it worked once, but, couldn't > repeat it after > > OK, I've made user 'test' with pw 'test1234' > > using keyborad to enter test1234 I get: > > # mysql -u test -p > Enter password: > Welcome to the MariaDB monitor. Commands end with ; or \g. > Your MariaDB connection id is 1377 > Server version: 10.1.19-MariaDB MariaDB Server > > Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. > > Type 'help;' or '\h' for help. Type '\c' to clear the current input > statement. > > MariaDB [(none)]> show databases; > +--------------------+ > | Database | > +--------------------+ > | information_schema | > | test | > +--------------------+ > 2 rows in set (0.00 sec) > > MariaDB [(none)]> > > NOW: > > MariaDB [(none)]> SELECT PASSWORD('test1234'); > +-------------------------------------------+ > | PASSWORD('test1234') | > +-------------------------------------------+ > | *3D3B92F242033365AE5BC6A8E6FC3E1679F4140A | > +-------------------------------------------+ > 1 row in set (0.00 sec) > > MariaDB [(none)]> quit > > copied '*3D3B92F242033365AE5BC6A8E6FC3E1679F4140A' to buffer > > paste from buffer below, fail > > # mysql -u test -p > Enter password: > ERROR 1045 (28000): Access denied for user 'test'@'localhost' (using > password: YES) > > HUH? > > Are you trying to login to mysql using the hash itself? > > That wont work, and its not what you are supposed to be doing as evident > by fact you can login using plain password, you're looking in the wrong > area, since the database stores passwords hashed, you enter it in, in > plain text, the database them does its magic to convert what you entered > in, into a hash and does the matching in its own backend, so to speak. > > if you put in your dovecot sql file, the vmail password in plain text > and not hashed output, it should work, you have to make sure the sql > file is chmod 600 so any normal users with access cant read the file(s). > > -- > Kind Regards, > > Noel Butler > > This Email, including any attachments, may contain legally privileged > information, therefore remains confidential and subject to copyright > protected under international law. You may not disseminate, discuss, or > reveal, any part, to anyone, without the authors express written > authority to do so. If you are not the intended recipient, please notify > the sender then delete all copies of this message including attachments, > immediately. Confidentiality, copyright, and legal privilege are not > waived or lost by reason of the mistaken delivery of this message. Only > PDF [1 [1]] and ODF [2 [2]] documents accepted, please do not send proprietary > formatted documents > > Links: > ------ > [1] http://www.adobe.com/ > [2] http://en.wikipedia.org/wiki/OpenDocumentOK dunno wjhat happend with format but to simplify it: HUH? Are you trying to login to mysql using the hash itself? That wont work, and its not what you are supposed to be doing as evident by fact you can login using plain password, you're looking in the wrong area, since the database stores passwords hashed, you enter it in, in plain text, the database them does its magic to convert what you entered in, into a hash and does the matching in its own backend, so to speak. if you put in your dovecot sql file, the vmail password in plain text and not hashed output, it should work, you have to make sure the sql file is chmod 600 so any normal users with access cant read the file(s). -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: ------ [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20170815/13245396/attachment.sig>
voytek at sbt.net.au
2017-Aug-15 12:58 UTC
migrating 2.1 to 3.x, sql pass scheme, pass value?
On Tue, August 15, 2017 10:27 pm, Noel Butler wrote:> HUH? > Are you trying to login to mysql using the hash itself?Noel, thanks!! oops, misunderstood instruction... this is better: USER voytek at xxxxx.tld +OK PASS ********** +OK Logged in. LIST +OK 0 messages:> That wont work, and its not what you are supposed to be doing as evident > by fact you can login using plain password, you're looking in the wrong > area, since the database stores passwords hashed, you enter it in, in > plain text, the database them does its magic to convert what you entered > in, into a hash and does the matching in its own backend, so to speak.what value should I have in /etc/dovecot/dovecot-mysql.conf in default_pass_scheme = ??? V
On 15/08/2017 22:58, voytek at sbt.net.au wrote:> On Tue, August 15, 2017 10:27 pm, Noel Butler wrote: > >> HUH? >> Are you trying to login to mysql using the hash itself? > > Noel, thanks!! > > oops, misunderstood instruction... > > this is better: > > USER voytek at xxxxx.tld > +OK > PASS ********** > +OK Logged in. > LIST > +OK 0 messages: > >> That wont work, and its not what you are supposed to be doing as evident >> by fact you can login using plain password, you're looking in the wrong >> area, since the database stores passwords hashed, you enter it in, in >> plain text, the database them does its magic to convert what you entered >> in, into a hash and does the matching in its own backend, so to speak. > > what value should I have in /etc/dovecot/dovecot-mysql.conf > in > default_pass_scheme = ??? > > VUse: CRYPT This allows you to use whatever your system supports in your database password fields, with modern OS's thats anything from md5 (shudder the thought) to salted sha512 and probably more these days depending on what other goodies your distro adds, dovecot will send it to the underlying OS crypt function that does all the hard work. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: ------ [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20170816/4e979be6/attachment.sig>