Re: The use of %w in password_query leads to "Failed to expand plugin setting" error
On 16 Jan 2021, at 01:19, f...@fili.nl wrote: > No :) I'm converting the password scheme at the moment of login, please read > the link https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes for more info. Yes, I did that a while ago, but you said "When the user has % in their password" which seemed odd. Glad it's sorted! -- MY MOM IS NOT DATING JERRY SIENFELD Bart chalkboard Ep. AABF06
Re: The use of %w in password_query leads to "Failed to expand plugin setting" error
No :) I'm converting the password scheme at the moment of login, please read the link https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes for more info.Btw, the base64 encoding tip worked! Thanks again AkiOn 16 Jan 2021 03:25, "@lbutlr" wrote:On 14 Jan 2021, at 08:30, Filidor Wiese wrote: > When a user has a % sign in their password, the following error occurs: Were you storing PLAIN TEXT passwords? -- Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying "End-of-the-World Switch. PLEASE DO NOT TOUCH," the paint wouldn't even have time to dry.
Re: The use of %w in password_query leads to "Failed to expand plugin setting" error
On 14 Jan 2021, at 08:30, Filidor Wiese wrote: > When a user has a % sign in their password, the following error occurs: Were you storing PLAIN TEXT passwords? -- Some humans would do anything to see if it was possible to do it. If you put a large switch in some cave somewhere, with a sign on it saying "End-of-the-World Switch. PLEASE DO NOT TOUCH," the paint wouldn't even have time to dry.
Re: The use of %w in password_query leads to "Failed to expand plugin setting" error
Thanks Aki, that sounds like a good solution. So you're suggesting?
password_query = \
SELECT domain, password, TO_BASE64('%w') AS userdb_plain_pass, \
domain as userdb_domain, concat('*:storage=', quota) AS userdb_quota_rule,
5000 as userdb_uid, 5000 as userdb_gid, '/home/%d/%n' as userdb_home \
FROM users WHERE (catch='%n' AND domain='%d')
I'll give it a go when our users are asleep!
Regards,
Filidor
On 14-01-2021 16:34, Aki Tuomi wrote:
>> On 14/01/2021 17:30 Filidor Wiese wrote:
>>
>>
>> Hi,
>> I'm trying to convert my existing users to a more modern password scheme by
>> following the how-to at
>> https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes.
>> One of the steps is to include the use of '%w' in the password_query, like
>> so:
>>> password_query = \
>>> SELECT domain, password, '%w' AS userdb_plain_pass, \
>>> domain as userdb_domain, concat('*:storage=', quota) AS userdb_quota_rule,
>>> 5000 as userdb_uid, 5000 as userdb_gid, '/home/%d/%n' as userdb_home \
>>> FROM users WHERE (catch='%n' AND domain='%d')
>> and also to configure:
>>> userdb {
>>> driver = prefetch
>>> }
>> in order to combine the user/password_query into one. Now that all seemed to
>> work well, except for one thing.
>> When a user has a % sign in their password, the following error occurs:
>>> Error: Failed to expand plugin setting plain_pass = 'Tfew3322gYEp$%5Qjk0':
>>> Unknown variable '%Q'
>>>
>> Which indicates that dovecot is trying to expand variables in the password.
>> As a consequence, the login process fails.
>> Is there some way around this behavior?
>> Thanks in advance,
>> Filidor Wiese
>>
> You might get better results with, say, base64 encoding the password.
> TO_BASE64() should work from 5.6 mysql. You can also try HEX encoding it.
>
> Aki
Re: The use of %w in password_query leads to "Failed to expand plugin setting" error
> On 14/01/2021 17:30 Filidor Wiese wrote:
>
>
> Hi,
> I'm trying to convert my existing users to a more modern password scheme by
> following the how-to at https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes.
> One of the steps is to include the use of '%w' in the password_query, like so:
> > password_query = \
> > SELECT domain, password, '%w' AS userdb_plain_pass, \
> > domain as userdb_domain, concat('*:storage=', quota) AS userdb_quota_rule,
> > 5000 as userdb_uid, 5000 as userdb_gid, '/home/%d/%n' as userdb_home \
> > FROM users WHERE (catch='%n' AND domain='%d')
> and also to configure:
> > userdb {
> > driver = prefetch
> > }
> in order to combine the user/password_query into one. Now that all seemed to
> work well, except for one thing.
> When a user has a % sign in their password, the following error occurs:
> > Error: Failed to expand plugin setting plain_pass = 'Tfew3322gYEp$%5Qjk0':
> > Unknown variable '%Q'
> >
> Which indicates that dovecot is trying to expand variables in the password.
> As a consequence, the login process fails.
> Is there some way around this behavior?
> Thanks in advance,
> Filidor Wiese
>
You might get better results with, say, base64 encoding the password.
TO_BASE64() should work from 5.6 mysql. You can also try HEX encoding it.
Aki
