what encryption is used by Cyrus to encrypt passwords?
Tomasz Chmielewski
mangoo at wpkg.org
Wed Mar 15 11:33:30 EST 2006
Craig White wrote:
> On Wed, 2006-03-15 at 16:40 +0100, Tomasz Chmielewski wrote:
>> info-cyrus at lists.andrew.cmu.edu wrote:
>>> Tomasz Chmielewski wrote:
>>>> I have a user base in two databases: one in LDAP, for Samba, and one
>>>> in MySQL, for cyrus/mail.
>>>>
>>>> It's not very comfortable, as I have to do the things twice.
>>>>
>>>> So I thought of "leeching" the users and passwords from the LDAP
>>>> database, filtering it through a script, and creating cyrus accounts
>>>> this way.
>>>>
>>>> There is one problem though - Samba accounts use SSHA encryption, and
>>>> Cyrus doesn't.
>>>>
>>>> What encryption is used by Cyrus?
>>>>
>>>> When I look into MySQL database, the password look like that:
>>>>
>>>> abcDe12FGHiJK
>>>>
>>>> So it's 13 characters.
>>>>
>>>> What encryption is it?
>>>>
>>> Why not buil cyrus to read users from LDAP?
>> It would be problematic here.
>>
>> Right now I have several LDAP (Samba) databases on different servers -
>> for different user groups.
>>
>> On the other hand, one MySQL (cyrus) database is used for all users.
>>
>> So, if I wanted to make Cyrus read from LDAP, it would have to read from
>> several LDAP servers.
>>
>> Can it do it? I didn't google much, but perhaps it's either impossible,
>> or hard to do.
>>
>>
>> So I assumed the approach I described earlier would be easier.
> ----
> I would expect that you could set up one of your LDAP servers to do
> referrals to the other proxy servers so you would only need to set up
> one LDAP reference within cyrus.
Technically, I should be able to do this.
Perhaps it's not the best group to ask - what will happen if the
connection between the two LDAP server is broken, and we use referrals
as here [1]:
ref: ldap://b.example.net/dc=subtree,dc=example,dc=net
> I would also suggest that sambaNTPassword and sambaLMPassword attributes
> are not SSHA but rather a Microsoft form of hash. The userPassword
> attribute (if you samba users are also posixAccount/shadowAccount
> objectclasses) could possibly be SSHA.
This I know.
What I want to know is what Cyrus uses - certainly it's not a Microsoft
hash :) and not SSHA.
[1] http://www.openldap.org/doc/admin23/referrals.html
--
Tomasz Chmielewski
http://wpkg.org
More information about the Info-cyrus
mailing list