[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Pop mail virtual user security [LONG]

On 12/07/02 17:43, Tim van Erven wrote:
On Sat, Dec 07, 2002 at 04:39:54PM -0500, "Christopher W. Curtis" <ccurtis@aet-usa.com> wrote:
On 12/07/02 12:54, Tim van Erven wrote:
2) How are the passwordhashes in /etc/shadow generated from the
  salt+password? I can't use 'passwd' to update popa3d's auth files, so
  I need to generate them some other way.

Solid-pop3d (CVS only for VHosting) comes with spadm for this, but if you're using standard /etc/shadow type crypt() entries, use htpasswd.

I can't find spadm in the solid-pop3d source. Are you sure it's there?

Sorry ... I did all that at my former job. ;-)  I should've said spdbm.
But this will not do Linux crypt() things, it does BSD $1$xxxxx things.
Really - htpasswd (from Apache) does what you want.

ccurtis@mail:~$ htpasswd
        htpasswd [-cmdps] passwordfile username
        htpasswd -b[cmdps] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
ccurtis@mail:~$ dpkg -S htpasswd
apache-common: /usr/bin/htpasswd

I'm currently considering using chpwdfile[1]. Unfortunately it isn't
packaged for Debian and it's the author's first C program.
1. http://eclipse.che.uct.ac.za/chpwdfile/



Reply to: