pure-ftpd does not support passwords with explicit rounds

Discussion in 'General' started by vit9696, Dec 30, 2021.

  1. vit9696

    vit9696 New Member

    Hello,

    I have a similar issue to https://www.howtoforge.com/community/threads/pure-ftpd-mysql-passwords-hash-not-working.83283/. Here, however, the only difference is the number of rounds specified in the SHA-512 hash. If the passwords are specified in $6$HASH "roundless" format, then they work. If they are specified in $6$rounds=5000$HASH "roundful" format, then they do not work.

    I verified that by manually checking that the password is valid against each hash (roundless and roundful) and by manually updating the roundful account password with the roundless version and getting login success.

    The operating system is Debian 10, and pure-ftpd is set to use the MySQL crypt function. MySQL is 15.1 Distrib 10.3.31-MariaDB. ISPConfig is 3.2.7p1.

    I believe it is ISPConfig that updated the passwords to an incompatible format, since I have a few accounts created manually, and their hash format previously matched the ones ISPConfig created. Now these entries are the only ones left with this roundless format, and they are also the only working ones. To clarify, updating an ISPConfig-managed pure-ftpd entry with a roundless hash does make login succeed.

    Please address the issue by reverting to a roundless format in a subsequent update or provide a way to make pure-ftpd work with roundful formats. Thanks!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Passwords with rounds specified in the hash as done by ISPConfig work fine here on my Debian 10 system in pure-ftpd. The more likely reason is that you hit an issue with specific umlauts that might cause issues in ISPConfig password hashes: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6189 which might apply to ftp users too. So the reason why the passwords work when creating them manually is probably because they contained an umlaut and you created them manually and not because the rounds definition is not used.
     
  3. vit9696

    vit9696 New Member

    Hi Till, that was very helpful indeed. I checked the passwords, and discovered that the problematic one I have access to contains an ! symbol. Once I removed it and updated the password I was able to log in. In my defence, the password was generated by ISPConfig.
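
The two stored formats compared in this thread, as an added example that is not part of any post and not ISPConfig or pure-ftpd code: a Python checker that parses a `$5$`/`$6$` crypt string, reports whether `rounds=` is explicit, and flags a malformed digest before the FTP server is suspected. It relies on the SHA-crypt scheme's own parameters (5000 rounds when none are given); the function names and the placeholder digest are constructed for illustration.

```python
import re

# SHA-crypt parameters as defined by the scheme (glibc crypt(3)).
ROUNDS_DEFAULT, ROUNDS_MIN, ROUNDS_MAX = 5000, 1000, 999_999_999
DIGEST_LEN = {"5": 43, "6": 86}   # $5$ = SHA-256, $6$ = SHA-512
CRYPT_RE = re.compile(
    r"^\$(?P<id>[56])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$:\n]{0,16})\$(?P<digest>.*)$"
)

def inspect_crypt_hash(stored):
    """Describe a stored SHA-crypt string and list anything malformed."""
    m = CRYPT_RE.match(stored)
    if not m:
        return {"valid": False, "problems": ["not a $5$/$6$ crypt string"]}
    problems = []
    explicit = m["rounds"] is not None
    requested = int(m["rounds"]) if explicit else ROUNDS_DEFAULT
    rounds = min(max(requested, ROUNDS_MIN), ROUNDS_MAX)  # crypt(3) clamps
    if rounds != requested:
        problems.append(f"rounds={requested} is clamped to {rounds}")
    digest, want = m["digest"], DIGEST_LEN[m["id"]]
    if len(digest) != want:
        problems.append(f"digest is {len(digest)} chars, expected {want}")
    if not re.fullmatch(r"[./0-9A-Za-z]*", digest):
        problems.append("digest has characters outside ./0-9A-Za-z")
    return {"valid": not problems, "scheme": m["id"], "rounds": rounds,
            "explicit_rounds": explicit, "salt": m["salt"],
            "digest": digest, "problems": problems}

def same_parameters(a, b):
    """True when two parsed hashes use the same scheme, cost and salt,
    in which case the same password must yield the same digest."""
    keys = ("scheme", "rounds", "salt")
    return a["valid"] and b["valid"] and all(a[k] == b[k] for k in keys)

if __name__ == "__main__":
    fake = "A" * 86  # constructed placeholder digest, not a real hash
    for s in ("$6$examplesalt$" + fake,
              "$6$rounds=5000$examplesalt$" + fake,
              "$6$rounds=5000$examplesalt$" + fake[:60]):
        info = inspect_crypt_hash(s)
        print(info["valid"], info.get("rounds"), info["problems"])
```

When `same_parameters` is true for a roundless and a roundful entry of the same account, the two digests should be identical; if they differ, the password that was hashed differed, not the format.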
     
