On Sun, Jul 15, 2001 at 04:50:42PM -0000, pop corn wrote:
> >This part was contributed, if memory serves me right, by Mike Jackson. My
> >guess is he just used Perl's MD5 module or a command line md5.
> 
> I used ldappasswd to create an md5 password in the userPassword field from 
> the cleartext word "secret":
> userpassword={md5}WPa5t2Ahxs8Y0a3GSxLHpg==
> 
This is not the correct md5 base64 digest.
Use the digest tool included with qmail-ldap. I checked it against the RFC
and it passed all tests. (There are no base64 digests in RFC 1321, but
the standard ones are all correct and our base64 implementation is correct.)

./digest secret
{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==

Probably ldappasswd has a problem with endianness.

> However, the check_ldap() in checkpassword.c fails as follows:
> 
> If I type in secret as the cleartext password:
> # /home/qmail/bin/qmail-popup localhost /home/qmail/bin/auth_pop pwd
> +OK
> user <user>
> +OK
> pass secret
> -ERR user record incorrect
> check_ldap():password compare was not successful
> check_ldap():authdata->s:secret
> check_ldap():extra[0].vals[0]->s:{md5}WPa5t2Ahxs8Y0a3GSxLHpg==
> 
Try my posted hash instead of the {md5}WPa5t2Ahxs8Y0a3GSxLHpg== one and it
should work.

> If I cut/paste in the md5 password:
> # /home/qmail/bin/qmail-popup localhost /home/qmail/bin/auth_pop pwd
> +OK
> user <user>
> +OK
> pass {md5}WPa5t2Ahxs8Y0a3GSxLHpg==
> -ERR user record incorrect
> check_ldap():password compare was not successful
> check_ldap():authdata->s:{md5}WPa5t2Ahxs8Y0a3GSxLHpg==
> check_ldap():extra[0].vals[0]->s:{md5}WPa5t2Ahxs8Y0a3GSxLHpg==
> 
This MUST not work, or else you could enter your crypted password and get
access. This is also why cleartext password storage is bad and disabled.

> Perhaps this has to do with the md5 password being encoded in base64. I 
> tried to use the Python example given to me as follows, but the example goes 
> in the opposite direction that I need, I think.
> 
> # python
> Python 2.0 (#1, Apr 11 2001, 19:18:08)
> [GCC 2.96 20000731 (Linux-Mandrake 8.0 2.96-0.48mdk)] on linux-i386
> Type "copyright", "credits" or "license" for more information.
> >>>import base64
> >>>base64.decodestring('e01ENX1GNXJVWEd6aXk1ZlBFQ25pRWdSdWdRPT0=')
> '{MD5}F5rUXGziy5fPECniEgRugQ=='
> >>>
> 
Funny, this hash is also incorrect; probably your script is bad.

-- 
later
Claudio

mailto:[EMAIL PROTECTED]
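
Added example, not part of the original message and not qmail-ldap's own code: a Python sketch of how a {MD5} userPassword value is built (base64 of the raw 16-byte MD5 digest) and checked, using the values quoted in the thread. The function names ldap_md5, parse_md5, verify and diagnose are assumptions made for this illustration.

```python
import base64
import binascii
import hashlib
import hmac


def ldap_md5(password: str) -> str:
    """Build a {MD5} userPassword value: base64 of the raw 16-byte MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def parse_md5(stored: str) -> bytes:
    """Return the raw digest from a {MD5} value; raise ValueError if malformed."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{MD5":
        raise ValueError("not a {MD5} userPassword value")
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64 in userPassword") from exc
    if len(raw) != 16:
        raise ValueError("MD5 digest must be 16 bytes")
    return raw


def verify(stored: str, candidate: str) -> bool:
    """Hash what the client sent, then compare digests in constant time."""
    expected = parse_md5(stored)
    actual = hashlib.md5(candidate.encode("utf-8")).digest()
    return hmac.compare_digest(expected, actual)


def diagnose(stored: str, candidate: str) -> str:
    """Show both digests in hex so a mismatch is visible at a glance."""
    return "stored=%s computed=%s" % (
        parse_md5(stored).hex(),
        hashlib.md5(candidate.encode("utf-8")).hexdigest(),
    )


if __name__ == "__main__":
    good = "{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ=="   # value from the digest tool in the thread
    bad = "{md5}WPa5t2Ahxs8Y0a3GSxLHpg=="    # value ldappasswd produced in the thread
    print(ldap_md5("secret"))
    print(verify(good, "secret"), verify(bad, "secret"), verify(good, good))
    print(diagnose(bad, "secret"))
```

Because verify() always hashes the submitted string first, pasting the stored {MD5} value as the password fails, which is the behaviour the reply says it must have.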
