'[Ispman-users] Conversion of APOP users'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ispman-users
Subject:    [Ispman-users] Conversion of APOP users
From:       Ezio Paglia <ezio () comune ! grosseto ! it>
Date:       2004-12-15 12:53:51
Message-ID: 5.1.0.14.1.20041215133619.020fd2d0 () mail ! comune ! grosseto ! it
[Download RAW message or body]

Hi all,

and thanks for your previous answers.
I need to populate my ispman ldap with users coming from an APOP 
authentication. We still have a qpopper server (5000 users with APOP and 
1000 users with PASSWORS) and are trying to test the migration toward 
ispman. I have seen that PASSWORDS authentication is well converted, but 
sincerely I do not know what to do for APOP users.
In apop the users and their crypted passwords are kept in a gdbm file; a 
user sends the server the username plus only a digest of a string obtained 
through md5 of the concatenation of the password with a secret number.
Only to better explain the difference between the usual passwords and 
qpopper APOP, here follows a more practical example, extracted from a very 
bad perl program of mine (please do not laugh) , in which I allowed my 
users to test and change their authentication method and their password 
from the web.

..
         $dest = sockaddr_in (110, inet_aton ('*****'));
         connect (SH, $dest) || die $!;
         $ingresso=<SH>;
         if ($oldmeth eq 'APOP')
#APOP
                 {
                 $ingresso=~s/.*</</;
                 ($ingresso,$dummy)=split (/>/,$ingresso);
                 $ingresso.='>';
                 $stringa=$ingresso.$oldpass;
                 $digest= md5_hex($stringa);
                 send (SH, "apop $utente $digest\n",0);
                 }
         else
#PASSWORDS
                 {
                 send (SH, "user $utente\n",0);
                 $ingresso=<SH>;
                 send (SH, "pass $oldpass\n",0);
                 }
         $ingresso=<SH>;
         if ( substr($ingresso,1,2) eq 'OK' )
....

Do you know whether a conversion is possible or do you think I need to make 
my users pass through passwords authentication ?

Ciao and thank you.
Ezio.
--
Ezio Paglia
Sistema Informativo e Architetture
SED Comune di Grosseto



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Ispman-users mailing list
Ispman-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ispman-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic