Re: Pop mail virtual user security [LONG]
On 12/07/02 17:43, Tim van Erven wrote:
On Sat, Dec 07, 2002 at 04:39:54PM -0500, "Christopher W. Curtis" <email@example.com> wrote:
On 12/07/02 12:54, Tim van Erven wrote:
2) How are the passwordhashes in /etc/shadow generated from the
salt+password? I can't use 'passwd' to update popa3d's auth files, so
I need to generate them some other way.
Solid-pop3d (CVS only for VHosting) comes with spadm for this, but if
you're using standard /etc/shadow type crypt() entries, use htpasswd.
I can't find spadm in the solid-pop3d source. Are you sure it's there?
Sorry ... I did all that at my former job. ;-) I should've said spdbm.
But this will not do Linux crypt() things, it does BSD $1$xxxxx things.
Really - htpasswd (from Apache) does what you want.
htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
ccurtis@mail:~$ dpkg -S htpasswd
I'm currently considering using chpwdfile. Unfortunately it isn't
packaged for Debian and it's the author's first C program.