Remove encrypt from Postfix

Discussion in 'Server Operation' started by Erth, Apr 16, 2009.

  1. Erth

    Erth New Member

    Hi, I have a server with ubuntu 8.04 and I install postfix with squirrelmail as webmail client.

    The problem is that I can login with a user with diferent passwords...

    encrypt( 'asdasd' ) ---- encrypt( 'asdasdas' ) ---- encrypt( 'asdasdasd' )
    84qY9JjFYznm. -------- 84MZ2n7FQQSfM -------- 84MZ2n7FQQSfM

    I have followed this howto:
    http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.04

    I want remove encryption from passwords, any idea?

    Thx
     
    Last edited: Apr 21, 2009
  2. falko

    falko Super Moderator Howtoforge Staff

    Only the first eight characters are used for the encryption.
     
  3. Erth

    Erth New Member

    ok, then I will have to be restricted to 8 character passwords.

    Anyway, I am interested in removing the encryption or use the md5 (), it would be possible?

    Thanks.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    You'd probably have to modify the Postfix and Courier configuration.
     
  5. Erth

    Erth New Member

    ok, but which files exactly? Because I looked in /etc/pam.d/smtp and I don't found and also looked in /etc/postfix/main.cfg and I don't saw anything x_X

    Any idea?

    Regards.
     
  6. falko

    falko Super Moderator Howtoforge Staff

    It's probably the /etc/postfix/mysql* files.
     
  7. Erth

    Erth New Member

    Here are these files, but I don't see nothing about encryption :(

    Code:
    root@host:/etc/postfix# cat mysql-virtual_*
    user = secret_user
    password = mega_secret_password
    dbname = secret_db
    query = SELECT domain AS virtual FROM domains WHERE domain='%s'
    hosts = secret_ip
    
    user = secret_user
    password = mega_secret_password
    dbname = secret_db
    query = SELECT email FROM users WHERE email='%s'
    hosts = secret_ip
    
    user = secret_user
    password = mega_secret_password
    dbname = secret_db
    query = SELECT destination FROM forwardings WHERE source = '%s'
    #query = SELECT destination FROM forwardings WHERE source LIKE '%%s'
    #query = INSERT INTO test (valor) VALUES ('%%s')
    hosts = secret_ip
    
    user = secret_user
    password = mega_secret_password
    dbname = secret_db
    query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@
    hosts = secret_ip
    
    user = secret_user
    password = mega_secret_password
    dbname = secret_db
    query = SELECT quota FROM users WHERE email='%s'
    hosts = secret_ip
    
    user = secret_user
    password = mega_secret_password
    dbname = secret_db
    query = SELECT transport FROM transport WHERE domain='%s'
    hosts = secret_ip
     
  8. falko

    falko Super Moderator Howtoforge Staff

    I'm sorry, but I can't help you since I haven't tried this.
     
  9. Erth

    Erth New Member

    Hi, finally I found the file.

    I edit /etc/courier/authmysqlrc and I commented this line
    #MYSQL_CRYPT_PWFIELD password
    and uncommented this:
    MYSQL_CLEAR_PWFIELD password

    Regards.
     

Share This Page