what encryption is used by Cyrus to encrypt passwords?
Craig White
craigwhite at azapple.com
Wed Mar 15 10:55:45 EST 2006
On Wed, 2006-03-15 at 16:40 +0100, Tomasz Chmielewski wrote:
> info-cyrus at lists.andrew.cmu.edu wrote:
> > Tomasz Chmielewski wrote:
> >> I have a user base in two databases: one in LDAP, for Samba, and one
> >> in MySQL, for cyrus/mail.
> >>
> >> It's not very comfortable, as I have to do the things twice.
> >>
> >> So I thought of "leeching" the users and passwords from the LDAP
> >> database, filtering it through a script, and creating cyrus accounts
> >> this way.
> >>
> >> There is one problem though - Samba accounts use SSHA encryption, and
> >> Cyrus doesn't.
> >>
> >> What encryption is used by Cyrus?
> >>
> >> When I look into MySQL database, the password look like that:
> >>
> >> abcDe12FGHiJK
> >>
> >> So it's 13 characters.
> >>
> >> What encryption is it?
> >>
> > Why not buil cyrus to read users from LDAP?
>
> It would be problematic here.
>
> Right now I have several LDAP (Samba) databases on different servers -
> for different user groups.
>
> On the other hand, one MySQL (cyrus) database is used for all users.
>
> So, if I wanted to make Cyrus read from LDAP, it would have to read from
> several LDAP servers.
>
> Can it do it? I didn't google much, but perhaps it's either impossible,
> or hard to do.
>
>
> So I assumed the approach I described earlier would be easier.
----
I would expect that you could set up one of your LDAP servers to do
referrals to the other proxy servers so you would only need to set up
one LDAP reference within cyrus.
I would also suggest that sambaNTPassword and sambaLMPassword attributes
are not SSHA but rather a Microsoft form of hash. The userPassword
attribute (if you samba users are also posixAccount/shadowAccount
objectclasses) could possibly be SSHA.
Craig
More information about the Info-cyrus
mailing list