Just in case someone else runs into this...

I solved the problem that I described below by switching the password encoding to base64. Also, with Django, you have to monkey patch (based on info from [1]) the set_password function in django.contrib.auth.models.User. You also have to use a UserProfile as described at [2]. The code below goes in models.py for your project.

import hashlib
import base64

from django.contrib.auth.models import User

# Save original User set_password method
orig_set_password = User.set_password

def set_password(user, raw_password):
    # A new User has no primary key yet; save it so the profile can reference it
    if user.id is None:
        user.save()

    # Use the original method to set the django User password:
    orig_set_password(user, raw_password)

    userprofile, created = UserProfile.objects.get_or_create(user=user)

    # Save the salt and sha digest in the correct format for dovecot
    m = hashlib.sha1()

    userprofile.salt = user.password.split('$')[1]

    m.update(raw_password)
    m.update(userprofile.salt)

    userprofile.shadigest = base64.b64encode(m.digest() + userprofile.salt)

    userprofile.save()

# Replace the method with the custom set_password
User.set_password = set_password

[1] https://github.com/jedie/PyLucid/blob/master/pylucid_project/apps/pylucid/models/userprofile.py
[2] https://docs.djangoproject.com/en/1.3/topics/auth/#storing-additional-information-about-users

On 8/7/2011 12:53 PM, Benjamin Montgomery wrote:
Hello everyone,

I'm trying to make dovecot do user authentication against a SQL
database. The passwords (managed by Django) are stored as salted SHA1
encoded in hex. I monkey patched Django's password method so that the
password hash is made with <password><salt> (Django does
<salt><password>, the patched method was verified to return the same value
as dovecotpw) and the passwords are stored in the database separately as
the salted hash and the salt. When I query the values out of the
database, I'm using MySQL's concat function to return the password as
{SSHA.hex}<sha1 hash><salt>. Dovecot is not able to verify any passwords
right now. I've scoured the wiki and I think my setup is
correct...config info is below. Any advice on where to look for
debugging or setup of my passwords would be appreciated!

Ben


dovecot-sql.conf:

default_pass_scheme = SSHA.hex

password_query = \
SELECT emailmanager_emailaddresses.account AS username, \
emailmanager_domain.name AS domain, \
CONCAT('{SSHA.hex}', \
emailmanager_userprofile.shadigest, \
emailmanager_userprofile.salt \
) AS password \
FROM emailmanager_emailaddresses \
JOIN emailmanager_domain ON emailmanager_emailaddresses.id = emailmanager_domain.id \
JOIN emailmanager_userprofile ON emailmanager_emailaddresses.id = emailmanager_userprofile.id \
WHERE emailmanager_emailaddresses.account = '%n' \
AND emailmanager_domain.name = '%d'

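Added example, not part of the original thread and not Django or Dovecot code: Python 3 code that builds and checks the two encodings discussed above, base64 of SHA1(password + salt) followed by the salt, and the hex form of the same bytes. It also shows that a hex digest followed by the salt as plain text, which is what the CONCAT in the quoted query produces, does not decode back to digest plus salt. The function names and the sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a raw SHA-1 digest


def _digest(raw_password: str, salt: bytes) -> bytes:
    # SHA1(password + salt), the order the post says matches dovecotpw
    return hashlib.sha1(raw_password.encode("utf-8") + salt).digest()


def ssha_encode(raw_password: str, salt: bytes) -> str:
    """'{SSHA}' prefix + base64(digest + salt), the value stored in shadigest."""
    return "{SSHA}" + base64.b64encode(_digest(raw_password, salt) + salt).decode("ascii")


def ssha_hex_encode(raw_password: str, salt: bytes) -> str:
    """'{SSHA.hex}' + hex(digest + salt): the salt bytes are hex-encoded too."""
    return "{SSHA.hex}" + (_digest(raw_password, salt) + salt).hex()


def hex_digest_plus_raw_salt(raw_password: str, salt: bytes) -> str:
    """Layout built by the CONCAT in the quoted query: hex(digest) + salt as text."""
    return "{SSHA.hex}" + _digest(raw_password, salt).hex() + salt.decode("ascii")


def ssha_verify(raw_password: str, stored: str) -> bool:
    """Decode the value, split digest from salt, recompute and compare."""
    scheme, _, encoded = stored.partition("}")
    try:
        if scheme == "{SSHA":
            blob = base64.b64decode(encoded, validate=True)
        elif scheme == "{SSHA.hex":
            blob = bytes.fromhex(encoded)
        else:
            return False
    except ValueError:  # malformed base64 or hex (binascii.Error is a ValueError)
        return False
    if len(blob) <= SHA1_LEN:
        return False  # nothing left over to use as the salt
    digest, salt = blob[:SHA1_LEN], blob[SHA1_LEN:]
    return hmac.compare_digest(digest, _digest(raw_password, salt))


# Constructed sample values, not taken from the post
PASSWORD, SALT = "s3cret-example", b"a1b2c"
```

With a salt whose text has an odd number of characters the mixed layout is not valid hex at all; with an even-length hex-looking salt it decodes, but to different salt bytes than the ones that were hashed, so verification still fails.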