Hello all... I am migrating some users(about 200) from one server to ispconfig... i have both their plain text and encrypted passwords available to me. When i update the user's password field in the database wit the encrypted one, it does not work even after a sync of the email boxes under tools. I am no encryption expert so i am not sure how it works ... Current encrypted password look like this, they al end with a ==(the salt?) iBToh9LME5GhF0Hfwuaezw== Since they do not work i was thinking of just encrypting the clear text into crypt?? Suggestions? Thanks...
ok so doing this openssl passwd -crypt some_passwd gives me this alCD5A7r.XXa. When i insert this into mysql under the user's login field in mail_users and try to login in with his email address and the password some_password in webmail as a test it does not work.... Ideas?
I would recommend to use a password with salt, you can use e.g. this PHP function: Code: public function crypt_password($cleartext_password) { $salt="$1$"; $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; for ($n=0;$n<8;$n++) { $salt.=$base64_alphabet[mt_rand(0, 63)]; } $salt.="$"; return crypt($cleartext_password, $salt); }
Hello, so i tried to do this and it does not work.. UPDATE mail_user SET password = md5('SomePassword') WHERE email = '[email protected]'; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 I see the password field does get updated and mysql comes back with an OK But when trying to login in via webmail the password does not work, I can easily change it back with web gui and all is good, but i just needed to make a mass password update for a migration.. Am I missing something? Thanks..
You use the wrong encryption. The password of email accounts is encrypted with crypt-md5 (see the code I posted in #6) and not with md5.
md5() in mysql generates an md5 checksum, which isn't suitable for (nor compatible with) use as a password; what you need is something like: Code: MariaDB [dbispconfig]> update mail_user set password = (select ENCRYPT('SomePassword', CONCAT('$1$', salt)) salt FROM (SELECT FLOOR(RAND() * 0xFFFFFFFF) AS salt) t1) where email = '[email protected]'; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 (You may find it easier to just to calculate the password in your script prior to passing it to mysql.)
lol, ok a quick question, so we have a multi server setup, we have a mail server, mysql server and web server, these updates should be done on the mail server mysql database i assume? Not on the main one on the web server?
The update has to be done on the master server and then use Tools > Resync to sync the other servers after this manual database change.