similar to: [Bug 16] MD5 passwords not detected on Linux

After I found out that {CRYPT} doesn't support passwords longer than 8 characters, I decided to switch over to MD5 for user passwords in my LDAP database. However, while I have no problem with Postfix + SASL, Dovecot fails to authenticate. Relevant bits from /etc/dovecot-ldap.conf: user_attrs = mailAddress,,,,, # The search string is identical to what's found in /etc/saslauthd.conf:

https://bugzilla.mindrot.org/show_bug.cgi?id=1969 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |djm at mindrot.org Resolution|---

First of all, hello to the list. I'm currently migrating from a /etc/passwd and /etc/shadow based configuration to a MySQL based one using dovecot 99.14 on debian sarge. The problem is that the /etc/shadow containes both DES encoded (Crypt) and md5 based passwords. I've set the default system to be Crypt, and have added {MD5-CRYPT} in front of the md5 passwords in place of the $1$

> Changing your php app will probably be the easiest solution. Since I?m using Docker, the easiest solution for me is to find a linux distro that can run Dovecot well and supports BLF-CRYPT as well. What Linux distros support BLF-CRYPT and are well tested and secure? > On Jun 5, 2016, at 8:54 PM, Edgar Pettijohn <edgar at pettijohn-web.com> wrote: > > On 16-06-05 20:36:35, KT

> I would love to know why your ubuntu 14.04 system doesn't support sha512-crypt. I just tried SHA512-CRYPT and it is supported on Ubuntu 14.04. I think I was thinking about DBMail instead of Dovecot. I could really use support for BLF-CRYPT since my current password hashes generated by PHP are using Blowfish encryption. Maybe, Dovecot could just add support for BLF-CRYPT by using the

>> Maybe, Dovecot could just add support for BLF-CRYPT by using the open source implementation of Blowfish hashing found in https://github.com/php/php-src/tree/master/ext/standard <https://github.com/php/php-src/tree/master/ext/standard>. The implementation looks like a single function to generate the hash. I?m not much of a programmer, but it would seem to me that these .c/.h files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.2.1pre25 is out. Please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html The following mirrors already have it: ftp://ftp.localhost.ca/pub/openssh/files/ ftp://thermo.stat.ncsu.edu/pub/openssh/files/ http://www.firedrake.org/openssh/files/ Changes: - - "Corrupted check bytes on input" when using triple DES has been

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.2.1pre25 is out. Please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html The following mirrors already have it: ftp://ftp.localhost.ca/pub/openssh/files/ ftp://thermo.stat.ncsu.edu/pub/openssh/files/ http://www.firedrake.org/openssh/files/ Changes: - - "Corrupted check bytes on input" when using triple DES has been

http://bugzilla.mindrot.org/show_bug.cgi?id=766 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2005-04-21 18:09

(I subscribed to a daily digest for this list and can?t figure out how to reply to a reply.) Anyway, Aki Tuomi replied to my feature request saying: > We support in latest 2.2 release > > MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN > CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY

Hi all. Solaris 10's default libcrypto does not have support for AES 192 and 256 bit functions. The attached patch, against -current, and based partially on an earlier one by djm, will use OpenSSH's builtin rijndael code for all AES crypto functions and thus will allow it to build and function on Solaris 10 without the extra crypto packages (SUNWcry, SUNWcryr) or a locally built OpenSSL.

I have a dovecot installing working quite well for around 1000 users using passwd-file authentication. I'm moving to LDAP and would sure love to be able to migrate the existing MD5 passwords. I've tried using ldapmodify to set "userPassword" to {CRYPT}$1$H8JE0k5X$y.ptShgYbOgWF.99lX88N1 and {MD5}$1$H8JE0k5X$y.ptShgYbOgWF.99lX88N1 In both cases, ldapmodify exits without errors

On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED CC|

http://bugzilla.mindrot.org/show_bug.cgi?id=1273 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=742 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=1753 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Resolution|--- |WONTFIX Status|NEW

http://bugzilla.mindrot.org/show_bug.cgi?id=943 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX CC| |djm

https://bugzilla.mindrot.org/show_bug.cgi?id=819 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |djm at mindrot.org Resolution|---

When using CRYPT to encrypt the password, you must put the following in dovecot-sql.conf.ext default_pass_scheme = CRYPT I hope this can help more people, in addition to leave you as I did my query: password_query = \ SELECT password \ FROM users WHERE login = '%u -- editor de sue?os