[prev in list] [next in list] [prev in thread] [next in thread]
List: exim-users
Subject: Re: [exim] plaintext server_condition
From: Agusti <xarxes () in ! ilimit ! es>
Date: 2005-05-31 17:04:21
Message-ID: 200505311904.21091.xarxes () in ! ilimit ! es
[Download RAW message or body]
I would try to generate crypt passwords for everybody, you can crypt the ones
that aren't (the other way back would be difficult...).
And I think having all passwords crypted will be more serious...
A Dimarts 31 Maig 2005 17:07, Tony Finch va escriure:
> On Tue, 31 May 2005, Gall Anonim wrote:
> > I have such problem, that i need to authenticate my users from mysql
> > database, some of them have password stored in plaintext. Others have
> > crypted. Now I need to autenticate them all, and i cant separate with
> > usernames. I need to migrate service and it have to be done
> > transparently.
>
> Try a plaintext match and if that fails try a crypt match? Horribly
> insecure (it makes crypted passwords equivalent to plaintext passwords
> because you can type in your crypted password to authenticate yourself)
> but it will allow you to migrate to all-crypted, at which point you can
> turn off the plaintext matching. If you're using a modern crypt() you can
> improve the security by checking the format of the stored password and
> not allowing plaintext matches for passowrds that appear to be crypted.
>
> Tony.
> --
> <fanf@exim.org> <dot@dotat.at> http://dotat.at/ ${sg{\N${sg{\
> N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
> \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
--
Agustí Rivero
xarxes@in.ilimit.es
Telf. 902 36 14 84
Ilimit Comunicacions
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic