Hi, I use ISPConfig 3.0.5.3 and I want to change the mailbox password encryption from crypt to CRAM-MD5. I have already set default_pass_scheme = CRAM-MD5 in Dovecot, and if I insert a CRAM-MD5 password into the database by hand, authentication succeeds. But if I set the password from ISPConfig, it is stored as crypt again. I found many places where crypt is used in the ISPConfig files, but I only want to change the ones for email. One file I think might help me is /interface/web/mail/form/mail_user.tform.php, with these lines:

Code:
```php
'password' => array (
    'datatype' => 'VARCHAR',
    'formtype' => 'PASSWORD',
    'encryption'=> 'CRYPT',
```

Does anyone know if I can just change 'CRYPT' to 'CRAM-MD5', or do I need to change it elsewhere? Am I on the right track or not? Thank you
ISPConfig does not support CRAM-MD5. So if you want to use it, you will first have to implement the encryption mechanism in the ISPConfig tform library and in the remote API.
Thank you till, do you have any hints on how to do it? If you can just point me to the file used for this, I'll try to work out the rest myself. Thank you
I have a Debian 7 with ISPConfig 3.0.5.3, and I use Postfix and Dovecot. This setting is working for my setup, but I can't guarantee it will work for yours.

I edited this file: /usr/local/ispconfig/interface/web/mailuser/form/mail_user_password.tform.php

From:

Code:
```php
'password' => array (
    'datatype' => 'VARCHAR',
    'formtype' => 'PASSWORD',
    'encryption' => 'CRYPT',
    'default' => '',
    'value' => '',
    'width' => '30',
    'maxlength' => '255'
),
```

To:

Code:
```php
'password' => array (
    'datatype' => 'VARCHAR',
    'formtype' => 'PASSWORD',
    'encryption' => 'CRAM-MD5',
    'default' => '',
    'value' => '',
    'width' => '30',
    'maxlength' => '255'
),
```

This file: /usr/local/ispconfig/interface/web/mail/form/mail_user.tform.php

From:

Code:
```php
'password' => array (
    'datatype' => 'VARCHAR',
    'formtype' => 'PASSWORD',
    'encryption'=> 'CRYPT',
    'default' => '',
    'value' => '',
    'width' => '30',
    'maxlength' => '255'
),
```

To:

Code:
```php
'password' => array (
    'datatype' => 'VARCHAR',
    'formtype' => 'PASSWORD',
    'encryption'=> 'CRAM-MD5',
    'default' => '',
    'value' => '',
    'width' => '30',
    'maxlength' => '255'
),
```

This file: /usr/local/ispconfig/interface/lib/classes/tform.inc.php

From:

Code:
```php
// go trough all fields of the tab
if(is_array($record)) {
    foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
        // Wenn es kein leeres Passwortfeld ist
        if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
            // Erzeuge Insert oder Update Quelltext
            if($action == "INSERT") {
                if($field['formtype'] == 'PASSWORD') {
                    $sql_insert_key .= "`$key`, ";
                    if($field['encryption'] == 'CRYPT') {
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } elseif ($field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $record[$key] = $tmp['crypted'];
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } elseif ($field['encryption'] == 'CLEARTEXT') {
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } else {
                        $record[$key] = md5(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    }
                } elseif ($field['formtype'] == 'CHECKBOX') {
                    $sql_insert_key .= "`$key`, ";
                    if($record[$key] == '') {
                        // if a checkbox is not set, we set it to the unchecked value
                        $sql_insert_val .= "'".$field['value'][0]."', ";
                        $record[$key] = $field['value'][0];
                    } else {
                        $sql_insert_val .= "'".$record[$key]."', ";
                    }
                } else {
                    $sql_insert_key .= "`$key`, ";
                    $sql_insert_val .= "'".$record[$key]."', ";
                }
            } else {
                if($field['formtype'] == 'PASSWORD') {
                    if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $record[$key] = $tmp['crypted'];
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } else {
                        $record[$key] = md5(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    }
                } elseif ($field['formtype'] == 'CHECKBOX') {
                    if($record[$key] == '') {
                        // if a checkbox is not set, we set it to the unchecked value
                        $sql_update .= "`$key` = '".$field['value'][0]."', ";
                        $record[$key] = $field['value'][0];
                    } else {
                        $sql_update .= "`$key` = '".$record[$key]."', ";
                    }
                } else {
                    $sql_update .= "`$key` = '".$record[$key]."', ";
                }
            }
        } else {
            // we unset the password filed, if empty to tell the datalog function
            // that the password has not been changed
            unset($record[$key]);
        }
    }
}
```

To:

Code:
```php
// go trough all fields of the tab
if(is_array($record)) {
    foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) {
        // Wenn es kein leeres Passwortfeld ist
        if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
            // Erzeuge Insert oder Update Quelltext
            if($action == "INSERT") {
                if($field['formtype'] == 'PASSWORD') {
                    $sql_insert_key .= "`$key`, ";
                    if($field['encryption'] == 'CRYPT') {
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } elseif($field['encryption'] == 'CRAM-MD5') {
                        $record[$key] = $app->auth->crammd5_password(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } elseif ($field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $record[$key] = $tmp['crypted'];
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } elseif ($field['encryption'] == 'CLEARTEXT') {
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    } else {
                        $record[$key] = md5(stripslashes($record[$key]));
                        $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                    }
                } elseif ($field['formtype'] == 'CHECKBOX') {
                    $sql_insert_key .= "`$key`, ";
                    if($record[$key] == '') {
                        // if a checkbox is not set, we set it to the unchecked value
                        $sql_insert_val .= "'".$field['value'][0]."', ";
                        $record[$key] = $field['value'][0];
                    } else {
                        $sql_insert_val .= "'".$record[$key]."', ";
                    }
                } else {
                    $sql_insert_key .= "`$key`, ";
                    $sql_insert_val .= "'".$record[$key]."', ";
                }
            } else {
                if($field['formtype'] == 'PASSWORD') {
                    if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
                        $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } elseif($field['encryption'] == 'CRAM-MD5') {
                        $record[$key] = $app->auth->crammd5_password(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                        $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                        $record[$key] = $tmp['crypted'];
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    } else {
                        $record[$key] = md5(stripslashes($record[$key]));
                        $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                    }
                } elseif ($field['formtype'] == 'CHECKBOX') {
                    if($record[$key] == '') {
                        // if a checkbox is not set, we set it to the unchecked value
                        $sql_update .= "`$key` = '".$field['value'][0]."', ";
                        $record[$key] = $field['value'][0];
                    } else {
                        $sql_update .= "`$key` = '".$record[$key]."', ";
                    }
                } else {
                    $sql_update .= "`$key` = '".$record[$key]."', ";
                }
            }
        } else {
            // we unset the password filed, if empty to tell the datalog function
            // that the password has not been changed
            unset($record[$key]);
        }
    }
}
```

And in this file, /usr/local/ispconfig/interface/lib/classes/auth.inc.php, I added:

Code:
```php
public function crammd5_password($cleartext_password) {
    $crypted_password = rtrim(shell_exec(escapeshellcmd("/usr/bin/doveadm pw -s CRAM-MD5 -p $cleartext_password")));
    return str_replace("{CRAM-MD5}","",$crypted_password);
}
```

Then, when I create or edit a user mailbox, the password is stored in CRAM-MD5 format from Dovecot.

Note on crammd5_password(): escapeshellcmd() escapes shell metacharacters in the whole command string but does not quote the password as a single argument. A password containing spaces or matched quote characters is therefore split or altered before doveadm sees it, and the extra words become additional arguments to the command. Quoting only the user-supplied value keeps it intact as one argument: `shell_exec("/usr/bin/doveadm pw -s CRAM-MD5 -p " . escapeshellarg($cleartext_password))`. Also note that the stored CRAM-MD5 value is unsalted and is sufficient by itself to answer a CRAM-MD5 challenge, so the password column needs the same protection as cleartext.