[Web-cyradm] Squirrelmail, Web-cyradm, changesqlpass plugin,
user password
Mikko Toivola
mikko.cwa at pikkasenkuti.com
Mon Nov 13 09:10:44 CET 2006
Hi. I have configured change_sqlpass to work with web-cyradm user-
table and with encryption set to 'crypt'. It was kind of tricky, had
to change some sql-querys quite radically, but I got it working after
few hours of debugging. I can paste diff's from my config later, now
I'm in a bit of a hurry. The parts dealing with salt was the problem,
if I recall right.
Mikko
On 13.11.2006, at 7:20, Victor San Kho Lin wrote:
> Hello all,
>
> i m new to web cyradm. Have done successful set up web-cyradm. How can
> i config squirrelmail's change_sqlpass plugin to allow individual user
> to change their password from squirrelmail. There is change_sqlpass
> plugin config.php with a few variables which have to config according
> to web-cyradm db table and encryption method. But i m not sure about
> those value meaning. Please help.
> From change_sqlpass config,
>
> I change this to web-cyradm config.
>
> $csp_dsn = 'mysql://user:password@localhost/email_users';
>
> I m not sure how to edit this string to match with web-cyradm.
>
> $lookup_password_query = 'SELECT count(*) FROM users WHERE username =
> "%1" AND crypt_password = %4';
>
> $password_update_queries = array(
> 'UPDATE users SET crypt_password = %4 WHERE username = "%
> 1"',
>
> );
>
> What type of encryption should be match with web-cyradm "crypt"
> option.
>
> // password_encryption
> //
> // What encryption method do you use to store passwords
> // in your database? Please use one of the following,
> // exactly as you see it:
> //
> // NONE Passwords are stored as plain text only
> // MYSQLPWD Passwords are stored using the MySQL password
> () function
> // MYSQLENCRYPT Passwords are stored using the MySQL encrypt()
> function
> // PHPCRYPT Passwords are stored using the PHP crypt()
> function
> // MD5CRYPT Passwords are stored using encrypted MD5
> algorithm
> // MD5 Passwords are stored as MD5 hash
> //
> $password_encryption = 'MYSQLPWD';
>
> And i m lack of knowledge on this part to integrate with web-
> cyradm....
>
> // csp_salt_query
> // csp_salt_static
> //
> // Encryption types that need a salt need to know where to get
> // that salt. If you have a constant, known salt value, you
> // should define it in $csp_salt_static. Otherwise, leave that
> // value empty and define a value for the $csp_salt_query.
> //
> // Leave both values empty if you do not need (or use) salts
> // to encrypt your passwords.
> //
> // The query should return one value (one row, one column) which
> // is the salt value for the current user's password. This
> // query is ignored if $csp_salt_static is anything but empty.
> //
> // %1 in this query will be replaced with the full username
> // (including domain), such as "jose at example.com"
> // %2 in this query will be replaced with the username (without
> // any domain portion), such as "jose"
> // %3 in this query will be replaced with the domain name,
> // such as "example.com"
> //
> //$csp_salt_static = 'LEFT(crypt_password, 2)';
> //$csp_salt_static = '"a4"'; // use this format with MYSQLENCRYPT
> //$csp_salt_static = '$2$blowsomefish$'; // use this format with
> PHPCRYPT
> $csp_salt_static = '';
>
> //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1)
> FROM users WHERE username = "%1"';
> //$csp_salt_query = 'SELECT SUBSTRING(crypt_password,
> (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users
> WHERE username = "%1"';
> $csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
> //$csp_salt_query = '';
>
>
> Thanks advance for help..
> _______________________________________________
> This mailing list is hosted and supported
> by bit-heads GmbH | http://www.bit-heads.ch
>
> _______________________________________________
> Web-cyradm mailing list
> Web-cyradm at web-cyradm.org
> http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>
More information about the Web-cyradm
mailing list