[tpop3d-discuss]auth-flatfile md5 hash incorrect length
From: Mike Pinkerton
Subject: [tpop3d-discuss]auth-flatfile md5 hash incorrect length
Date: Wed, 11 Aug 2004 14:11:52 -0400

I am having problems getting auth-flatfile authentication working.

I am running Fedora Core 2 on a remote dedicated server --
configuration details are at the end of this message. I am trying to
set up auth-flatfile for about 8 virtual mail domains, each with only
a handful of users.

My goal is to write a simple bash script to facilitate password
maintenance. Yes, I know there are some Perl scripts about, but I
would like to be able to do this in bash. :-)

I set up a test account in one domain -- address@hidden -- and
used the following command to create an MD5 hashed password:

    openssl passwd -1 -salt pigflies password

Yes, I know that my salt is not particularly random, but I'm just
trying to debug my set-up. No, that's not the real password. I
chose md5 rather than crypt because crypt (at least in the openssl
implementation) insisted on truncating passwords longer than 8
characters, which sort of defeats the purpose of longer passwords.

Having seen a message in this list's archives from Paul Makepeace
regarding the format tpop3d expects of the authentication flatfile
(notwithstanding the inconsistent description in the tpop3d.conf man
page), I wrote the following entry into my auth-flatfile password
file:

    address@hidden:{md5}$1$pigflies$I3P9Sz4rq9LFw3zE/M1nr1:5000:5000:Mike Pinkerton:/var/spool/mail/vhosts/advomation.com/mike:/sbin/nologin

I figured that if I need to have all those colons to keep tpop3d
happy, I might as well keep track of mail spools with them. The uid
and gid are Postfix's recommended values for the mailboxes it writes.

I started tpop3d with the following command:

    tpop3d -f /etc/tpop3d.d/tpop3d.conf -p /var/run/tpop3d.pid -dv > /tmp/tpop3d.debug 2>&1

The full standard error output is at the end of this message (except
that I munged the password in the "log bad passwords" line -- the
password that it reported as being used was the correct password for
this test account).

The line in the standard error output that strikes me is:

    password: address@hidden; address@hidden has password type md5, but hash is of incorrect length

What length does tpop expect the hash to be? If openssl doesn't
create acceptable md5 password hashes, what command line tool does?

Any help figuring out what I'm doing wrong would be appreciated.

***** Configuration details *****

Linux 2.6.6-1.435.2.3 i686 i386
openssl 0.9.7a (from Fedora Core RPMs)
Postfix 2.0.18-4 (from Fedora Core RPMs)
tpop3d 1.5.3 (from tarball)

Available authentication drivers:
    auth-flatfile  Uses /etc/passwd-style flat files
Available mailbox drivers:
    bsd            BSD (`Unix') mailspool, with index saving support
    empty          Empty mailbox
Enabled features:
    Mass virtual hosting
    Suppress C-client metadata
    TLS

***** Standard error output *****

experimental BSD mailbox metadata cache enabled
parse_listeners: listening on address 66.132.146.110:110; TLS mode STLS
parse_listeners: listening on address 66.132.146.110:995; TLS mode immediate
/etc/tpop3d.d/tpop3d.conf: I hope you realise that use of the
log-bad-passwords option is an invasion of privacy
1 authentication drivers successfully loaded
net_loop: tpop3d version 1.5.3 successfully started
connection_sendresponse: client
[6]66.245.111.103/postal.advomation.com: sent `+OK
<address@hidden>'
listeners_post_select: client
[6]66.245.111.103/postal.advomation.com: connected to local address
66.132.146.110:995
ioabs_tls_post_select: client
[6]66.245.111.103/postal.advomation.com: SSL_accept: tlsv1 alert
unknown ca; closing connection
connections_post_select: client
[6]66.245.111.103/postal.advomation.com: disconnected; 0/0 bytes
read/written
connection_sendresponse: client
[6]66.245.111.103/postal.advomation.com: sent `+OK
<address@hidden>'
listeners_post_select: client
[6]66.245.111.103/postal.advomation.com: connected to local address
66.132.146.110:995
connection_parsecommand: client
[6]66.245.111.103/postal.advomation.com: received `APOP
address@hidden 0d8be184620fe8be6ff987234495f35f'
password: attempted APOP login by address@hidden;
address@hidden, who does not have a plaintext password
auth_flatfile_new_apop: failed login for address@hidden;
address@hidden
connection_sendresponse: client
[6]66.245.111.103/postal.advomation.com: sent `-ERR Lies! Try again!'
connection_do: client `[6]66.245.111.103/postal.advomation.com':
username address@hidden': 1 authentication failures
connection_parsecommand: client
[6]66.245.111.103/postal.advomation.com: received `USER
address@hidden'
connection_sendresponse: client
[6]66.245.111.103/postal.advomation.com: sent `+OK Tell me your
password.'
connection_parsecommand: client
[6]66.245.111.103/postal.advomation.com: received `PASS [...]'
authcache_new_user_pass: no entry for address@hidden;
address@hidden
password: address@hidden; address@hidden has password
type md5, but hash is of incorrect length
auth_flatfile_new_user_pass: failed login for address@hidden;
address@hidden
connection_do: client `[6]66.245.111.103/postal.advomation.com':
username address@hidden': failing password is `XXXXXXXXX'
connection_sendresponse: client
[6]66.245.111.103/postal.advomation.com: sent `-ERR Lies! Try again!'
connection_do: client `[6]66.245.111.103/postal.advomation.com':
username address@hidden': 2 authentication failures
connection_parsecommand: client
[6]66.245.111.103/postal.advomation.com: received `QUIT'
connection_sendresponse: client
[6]66.245.111.103/postal.advomation.com: sent `+OK Fine. Be that way.'
ioabs_tls_shutdown: client [6]66.245.111.103/postal.advomation.com:
underlying connection closed by peer during shutdown
connections_post_select: client
[6]66.245.111.103/postal.advomation.com: disconnected; 107/160 bytes
read/written
--
Mike Pinkerton
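
A diagnostic for the flatfile entry quoted in the message above, as an added example that is not part of the original post or of tpop3d: it reports the {tag} and the shape of the hash in the password field, so the tag can be checked against what the tpop3d.conf man page lists for that shape. The function names are hypothetical; the shapes recognised are md5-crypt ($1$salt$ followed by 22 characters, which is what openssl passwd -1 emits) and a raw MD5 digest written as 32 hex digits or 24 base64 characters.

```shell
#!/bin/sh
# Added example (hypothetical helper names): classify the password field
# (field 2) of an auth-flatfile style line by tag, hash shape and length.

# hash_shape HASH -> md5-crypt | md5-hex | md5-base64 | unknown
hash_shape() {
    h=$1
    case $h in
        '$1$'*'$'*)
            rest=${h#'$1$'}        # "salt$digest"
            salt=${rest%%'$'*}
            digest=${rest#*'$'}
            # MD5-crypt: 1..8 char salt, 22 char digest over [./0-9A-Za-z]
            if [ ${#salt} -ge 1 ] && [ ${#salt} -le 8 ] &&
               [ ${#digest} -eq 22 ] &&
               ! printf '%s' "$digest" | grep -q '[^./0-9A-Za-z]'; then
                echo md5-crypt; return
            fi ;;
    esac
    # A raw MD5 digest is 128 bits: 32 hex digits ...
    if [ ${#h} -eq 32 ] && ! printf '%s' "$h" | grep -q '[^0-9A-Fa-f]'; then
        echo md5-hex; return
    fi
    # ... or 24 base64 characters, always ending in "=="
    if printf '%s' "$h" | grep -Eq '^[A-Za-z0-9+/]{22}==$'; then
        echo md5-base64; return
    fi
    echo unknown
}

# inspect_entry LINE -> prints "tag shape length-of-hash"
inspect_entry() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case $field in
        '{'*'}'*)
            tag=$(printf '%s' "$field" | sed 's/^{\([^}]*\)}.*/\1/')
            hash=$(printf '%s' "$field" | sed 's/^{[^}]*}//') ;;
        *)
            tag=none; hash=$field ;;
    esac
    echo "$tag $(hash_shape "$hash") ${#hash}"
}
```

Called with the entry from the message (in single quotes, so the shell does not expand the `$` signs), `inspect_entry` prints `md5 md5-crypt 34`: the hash is a 34-character md5-crypt string, not a 32- or 24-character raw digest.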