similar to: Crypt key

Greetings, this is less of a bug report or a help request, but we would like to know if someone can explain the following: Environment: Centos 7 with Dovecot 2.3.4-2 default_pass_scheme = BLF-CRYPT password hash in database : BLF-CRYPT login = works default_pass_scheme = SHA512 or SHA256-CRYPT password hash in database : BLF-CRYPT login = also works default_pass_scheme = BLF-CRYPT password

In particular glibc's crypt will return NULL / errno == ENOSYS and other implementations might do that in future too. --- customize/crypt-c.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/customize/crypt-c.c b/customize/crypt-c.c index d5425cfaa..e358018cd 100644 --- a/customize/crypt-c.c +++ b/customize/crypt-c.c @@ -21,6 +21,7 @@ #include <stdio.h> #include

Running postfix+dovecot+mysql on a mac-mini, and trying to solve this puzzle. Is this a Mac issue?, a MySQL issue? or something I haven't configured in? You can see from the output of the samples shows in the first case, that SHA512-CRYPT seems to be Unknown. The code I used is from a Linux based tutorial on setting up Postfix+Dovecot+MySQL on a site. Everything is generally going ok, apart

> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. --- Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this

I've decided that having users supply cleartext passwords for me to encrypt and encode is a bad idea, anyway. So maybe I won't need dovecotpw. The idea is that users supply an already-encrypted password. Most of the users can fetch their login password from /etc/shadow on their own computer. Wiki page http://wiki.dovecot.org/Authentication/PasswordSchemes indicates that scheme name

Problem: Using MySQL storage for the user and password db with MD5-CRYPT hashes, Dovecot fails to successfully authenticate when the MD5-CRYPT or MD5 settings are specified as default_pass_scheme in dovecot-mysql.conf. Dovecot /does/ successfully authenticate against MD5-CRYPT hashes when default_pass_scheme is set to CRYPT, which according to the docs should be DES encryption. (I do not

Hello, If I try to use the crypt schemes provided by libc. I fail as follows: jnikula at jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456 {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. jnikula at jlaptop:~/$ doveadm pw -t

First of all, hello to the list. I'm currently migrating from a /etc/passwd and /etc/shadow based configuration to a MySQL based one using dovecot 99.14 on debian sarge. The problem is that the /etc/shadow containes both DES encoded (Crypt) and md5 based passwords. I've set the default system to be Crypt, and have added {MD5-CRYPT} in front of the md5 passwords in place of the $1$

The wiki[1] says: If all the passwords are in same format, you can use default_pass_scheme to specify it. Otherwise each password needs to be prefixed with "{password-scheme}", for example "{plain}plaintext-password". Why doesn't dovecot recognize the crypt scheme identifier ($1$ for MD5-CRYPT, $6$ for SHA512-CRYPT etc.)? At the moment I have to have the following in my db

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client

Hi, Not sure if this is a PBKAC or not:- root at ds3:/usr/share/postfixadmin# doveadm pw -s SHA512-CRYPT -p password {SHA512-CRYPT}$6$aUgGXP0UshkMj7hY$9JV4yMRsjIe/98CzmglYrMjf.9NJ.FXzxcLE9B0v3doCRUWo2wRncc6hg6VCs0DCUHQbeC/bRDZdGCge/nB/h/ root at ds3:/usr/share/postfixadmin# doveadm pw -t

Hi The blf-crypt password schema mentioned in the docs could be a solution to my auth problem. However, the docs state that actual support depends on the glibc. Mine apparently doesn't. Does support depend on the glibc's version (mine is 2.15-r2)? Maybe someone with access to a box with a good enough glibc could do the following and post the hash for the plain password "test"?

https://bugzilla.mindrot.org/show_bug.cgi?id=2112 Bug ID: 2112 Summary: Android doesn't provide an implementation of crypt(). Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: Build system Assignee:

Platform is Solaris 8 on a 280R. I'm setting up a new installation of Dovecot, and I ran into some troubles that I've partly tracked down. I setup auth/user dbs with LDAP initially, and things worked well. Passwords are stored as "{crypt}zxcv..." in LDAP. I setup SQL, and began getting this: dovecot: Jan 23 16:37:47 Error: child 8718 (auth-worker) killed with signal 11

glibc 2.27 removes crypt(3) and suggests using libxcrypt. libxcrypt requires <crypt.h> to be included. --- customize/Makefile.am | 1 + customize/crypt-c.c | 4 ++++ m4/guestfs-misc-libraries.m4 | 27 +++++++++++++++++++-------- 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/customize/Makefile.am b/customize/Makefile.am index b4ec9286a..a22e25c46 100644

Hello, I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants: 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and

Hello, With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT are not defined. It seems to me this is regression introduced with implementation of configure options --with-openssl. Impacted code is in xcrypt.c: ... # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) # include <openssl/des.h> # define crypt DES_crypt # endif ...

Hi, I use Debian jessie with Dovecot 2.2.13-11. While writing a script for Horde to change the passwords in my passwd file I noticed doveadm pw -t fails for SHA512-CRYPT: # doveadm pw -s SHA1 -p test {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= # doveadm pw -t {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= -p test {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= (verified) # doveadm pw -s SHA512-CRYPT -p test

Dear friends, We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a windows user changes his password using Ctrl-Alt-Del the password is stored on ldap in SSHA format but we need to work with CRYPT because we have some apps that don't support SSHA. These are the lines related with authentication defined in smb.conf: encrypt passwords = yes ldap passwd sync = Yes

dovecot 1.1.15 in src/auth/password-scheme.c contains: static bool crypt_verify(const char *plaintext, const char *user ATTR_UNUSED, const unsigned char *raw_password, size_t size) { const char *password; if (size == 0) { /* the default mycrypt() handler would return match */ return FALSE; } password =