CentOS 6/7 acting similarly, >16 character length password failed on both (of mine at least). First 16 characters worked on both.

On 10/2/2018 8:47 PM, Eric Broch wrote:
Okay,

Set user's password to 17 x's, e.g.: xxxxxxxxxxxxxxxxx

I could not log in with 17x password but I could with 16x password.

Not sure what this means, I'm open to enlightenment. Could it be the hash?



On 10/2/2018 8:41 PM, Eric Broch wrote:
Will do.


On 10/2/2018 8:40 PM, Andrew Swartz wrote:
Eric,

Before I do that, can you see if you can replicate the problem: On
Centos7, create an account with a long password and see if you can then
log in with the long password.  If that fails, then try with the first
16 characters of that password.

-Andy


On 10/2/2018 6:28 PM, Eric Broch wrote:
Andrew,


On 10/2/2018 7:34 PM, Andrew Swartz wrote:
1.  vpopmail (or something else) is NOW authenticating against the
cleartext password instead of the hash.

I don't think so, or I hope not. I've done nothing except compile
vpopmail on CentOS 7 back in 2015, no patches.
The only change, if I remember correctly, is MariaDB requirements rather
than MySQL.

2.  vpopmail (or something else) is NOW truncating the password at 16
characters when it is set (i.e. hashed), but not during subsequent
authentication.

I hope it's something else.

3.  mysql was storing something in the cleartext password field which it
did not export.  This seems unlikely, as I can see 16 characters and the
field type is "char(16)".  I went through the database export file, and
its contents appear the same as those of the running mysql database on
Centos5, which is the same as the running mariadb database on Centos7 (I
view the contents with WebMin).  Therefore it appears that the
backup/restore worked properly.

Maybe something worth my time: Bring up two qmail (w/vpopmail) VMs on
COS5 and COS7.
Next, create a domain and user entry on COS5 with >16 length password.
Dump the vpopmail db on COS5 (vpopmail-cos5db), and import it on COS7.
Dump the vpopmail db on COS7 (vpopmail-cos7db), and compare (diff) the
two dumps.
If they're the same it could possibly be an issue with the vpopmail
program.

If you were up to it, you could also create a database called vpopmail1
on your COS7 machine,
and import the COS5 vpopmail db into it (that way it doesn't mess with
your regular vpopmail db), and
dump it and compare the two (COS5/COS7) dumps.

Does anyone know the details of how vpopmail interacts with the database
server?  Or if any authentication is done by some means other than
through vpopmail?

Interaction with db by vpopmail is done at compile time.




--
Eric Broch
White Horse Technical Consulting (WHTC)
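
The dump comparison proposed in the thread, as an added example that is not part of the original messages: a plain diff of two dumps taken on different servers is dominated by header comments and single-line multi-row INSERTs, so the dumps are normalized first. The dump file names follow the thread; the table name `example_com`, the row layout and the hash placeholders are constructed for illustration.

```sh
#!/bin/sh
# Added example: file names follow the thread, dump contents are constructed.

# Drop lines that differ between any two servers whatever the data is: "--"
# comments (server version, completion time), /*! ... */ statements and blank
# lines. Then put each row of a multi-row INSERT on its own line, so that one
# changed account is one diff line. A value containing "),(" is split as well.
normalize_dump() {
  sed -e '/^--/d' -e '/^\/\*!.*\*\/;$/d' -e '/^$/d' "$1" |
    sed -e 's/),(/),\
(/g'
}

# Print the differences; return 0 when the normalized dumps are identical.
compare_dumps() {
  a=$(mktemp) b=$(mktemp) rc=0
  normalize_dump "$1" > "$a"
  normalize_dump "$2" > "$b"
  diff "$a" "$b" || rc=$?
  rm -f "$a" "$b"
  return "$rc"
}

# Constructed sample dumps: table name, columns and hashes are placeholders.
make_sample_dumps() {
  cat > "$1/vpopmail-cos5db.sql" <<'EOF'
-- MySQL dump (constructed header, COS5)
/*!40101 SET NAMES utf8 */;

INSERT INTO `example_com` VALUES ('alice','$1$PLACEHOLDER-A','xxxxxxxxxxxxxxxx'),('bob','$1$PLACEHOLDER-B','secret');
-- Dump completed on 2018-10-02 18:00:00
EOF
  cat > "$1/vpopmail-cos7db.sql" <<'EOF'
-- MariaDB dump (constructed header, COS7)
/*!40101 SET NAMES utf8 */;

INSERT INTO `example_com` VALUES ('alice','$1$PLACEHOLDER-C','xxxxxxxxxxxxxxxx'),('bob','$1$PLACEHOLDER-B','secret');
-- Dump completed on 2018-10-02 19:30:00
EOF
}

dir=$(mktemp -d)
make_sample_dumps "$dir"
compare_dumps "$dir/vpopmail-cos5db.sql" "$dir/vpopmail-cos7db.sql" ||
  echo "dumps differ in the rows shown above"
rm -rf "$dir"
```

In the constructed sample only the hash in one row differs, so the diff is a single changed line; the differing header comments and timestamps do not appear.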

