Re: [exim] plaintext server_condition

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Tony Finch
Date:  
À: Gall Anonim
CC: exim-users
Sujet: Re: [exim] plaintext server_condition
On Tue, 31 May 2005, Gall Anonim wrote:

> I have such problem, that i need to authenticate my users from mysql
> database, some of them have password stored in plaintext. Others have
> crypted. Now I need to autenticate them all, and i cant separate with
> usernames. I need to migrate service and it have to be done
> transparently.


Try a plaintext match and if that fails try a crypt match? Horribly
insecure (it makes crypted passwords equivalent to plaintext passwords
because you can type in your crypted password to authenticate yourself)
but it will allow you to migrate to all-crypted, at which point you can
turn off the plaintext matching. If you're using a modern crypt() you can
improve the security by checking the format of the stored password and
not allowing plaintext matches for passowrds that appear to be crypted.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}