[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Pop mail virtual user security [LONG]

Ugh, forgot to send this to the list:

On Sun, 08/12/2002 07:04 -0500, Christopher W. Curtis wrote:
> On 12/07/02 17:43, Tim van Erven wrote:
>> On Sat, Dec 07, 2002 at 04:39:54PM -0500, "Christopher W. Curtis" 
>> <ccurtis@aet-usa.com> wrote:
>>> On 12/07/02 12:54, Tim van Erven wrote:
>>>> 2) How are the passwordhashes in /etc/shadow generated from the
>>>>  salt+password? I can't use 'passwd' to update popa3d's auth files, so
>>>>  I need to generate them some other way.
>>> Solid-pop3d (CVS only for VHosting) comes with spadm for this, but if 
>>> you're using standard /etc/shadow type crypt() entries, use htpasswd.
>> I can't find spadm in the solid-pop3d source. Are you sure it's there?
> Sorry ... I did all that at my former job. ;-)  I should've said spdbm.
> But this will not do Linux crypt() things, it does BSD $1$xxxxx things.
> Really - htpasswd (from Apache) does what you want.

Sorry, I neglected to mention I want to use MD5 'BSD $1$xxxxx things'. I
found spdbm in solid-pop3d-0.16d (a prerelease) now, but it's somewhat
awkward to compile independantly from the rest of the source. I'll
probably try to audit chpwdfile[1] and go with that next time I have
some time to spare.

1. http://eclipse.che.uct.ac.za/chpwdfile/

Tim van Erven <tripudium@chello.nl>
OpenPGP Key ID: 712CB811        Fingerprint: F6C9 61EE 242C C012 36D5
                                             BBF8 6310 D557 712C B811

Reply to: