Postfixadmin mysql password storage method

Anonymous
2009-12-15
2013-01-23

  • Anonymous
    2009-12-15

    So basically I am writing a program and need it to be able to create a new user under a postfix/dovecot server using mysql databases. I know which databases to write to etc. I just can't find out how the password encryption is done. It seems like it is done through postfixadmin as that is how I created the mailboxes. The code I found is as follows:

       
    //
    // pacrypt
    // Action: Encrypts password based on config settings
    // Call: pacrypt (string cleartextpassword)
    //
    function pacrypt ($pw, $pw_db="")
    {
       global $CONF;
       $password = "";
       $salt = "";

       if ($CONF == 'md5crypt')
       {
          $split_salt = preg_split ('/\$/', $pw_db);
          if (isset ($split_salt)) $salt = $split_salt;

          $password = md5crypt ($pw, $salt);
       }

       if ($CONF == 'system')
       {
          if (ereg ("\$1\$", $pw_db))
          {
             $split_salt = preg_split ('/\$/', $pw_db);
             $salt = $split_salt;
          }
          else
          {
             $salt = substr ($pw_db, 0, 2);
          }
          $password = crypt ($pw, $salt);
       }

       if ($CONF == 'cleartext')
       {
          $password = $pw;
       }

       return $password;
    }

    I found a reference to pacrypt in the create-mailbox.php file. It seems this function is what creates the encrypted password. I am writing my program in python and can't figure out a way to replicate the encryption method shown here. help would be much appreciated. Even if its just pointing me in the right direction.

    Thanks in advance. 

     

  • Anonymous
    2009-12-18

    Original reply seems to have been eaten by SF, so here goes again. Since you're using Dovecot you should be able to simply use the dovecotpw utility to generate the password thusly:

    \# dovecotpw -s MD5-CRYPT -p butts<br>
    {MD5-CRYPT}$1$j16yU6ei$Q4a9bs2OFNmv4aCstiqqK1

    Just remember to trim off the {METHOD} from the start as that is what Postfix Admin seems to do. It is worth noting that without the {METHOD} Dovecot will assume it is either MD5-CRYPT or PLAIN-MD5 when retrieved from the database, but if you choose to change to another method you must append the new method  to the beginning of the password string in your mySQL query.

    Anyhow, this quick addition will trim off that method for you:

    \# dovecotpw -s MD5-CRYPT -p butts | sed 's/{MD5-CRYPT}//'<br>
    $1$WkTffhIc$qLzIgYhEv6jCi6dHWH/8B1

    Also, if you are set on doing it entirely within Python  there seems to be one or two scripts out there:

      : http://code.activestate.com/recipes/325204/