Author Topic: what password hash is roundcube using?  (Read 20986 times)

Offline andrewjs18

what password hash is roundcube using?
« on: November 04, 2012, 02:03:09 AM »
I'm trying to set up postfixadmin and roundcube to be able to reset user passwords.  by doing this, I need to ensure the password hashes are all the same.  what password hash does roundcube use and where can it be found?

Offline SKaero

Re: what password hash is roundcube using?
« Reply #1 on: November 04, 2012, 02:18:05 AM »
I'm not real sure what you mean, the account password is not stored by RoundCube.

Offline andrewjs18

Re: what password hash is roundcube using?
« Reply #2 on: November 04, 2012, 05:37:57 PM »
I should have probably specified that this is in relation to the password plugin that roundcube has.

I'm trying to make sure the passwords sync up with postfixadmin, the utility I use to manage my email accounts.

so, I changed the encryption type to mysql_encrypt.  I then set the following in the password config.inc.php file:

Code:
$rcmail_config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u LIMIT 1';

so the password resets fine in roundcube, but it doesn't sync up properly to postfixadmin.  once the password is changed in roundcube, it basically kills the old and new password for that email address for postfixadmin.
« Last Edit: November 04, 2012, 05:41:42 PM by andrewjs18 »

Offline SKaero

Re: what password hash is roundcube using?
« Reply #3 on: November 04, 2012, 08:07:51 PM »
I think PostFixAdmin uses a custom hash by default; you might need to change $CONF['encrypt'] in your PostFixAdmin config to match $rcmail_config['password_crypt_hash'] in RoundCube.

Offline andrewjs18

Re: what password hash is roundcube using?
« Reply #4 on: November 04, 2012, 09:27:42 PM »
the postfixadmin encryption has been changed to mysql_encrypt, as seen here: $CONF['encrypt'] = 'mysql_encrypt';

in which file is $rcmail_config['password_crypt_hash'] found?
« Last Edit: November 04, 2012, 09:33:03 PM by andrewjs18 »

Offline SKaero

Re: what password hash is roundcube using?
« Reply #5 on: November 04, 2012, 09:41:06 PM »
It's in the password plugin config, I'm not sure what mysql_encrypt is though I don't think RoundCube supports it but I could be wrong.

Offline andrewjs18

Re: what password hash is roundcube using?
« Reply #6 on: November 04, 2012, 09:45:43 PM »
I'm not finding that code in the password config.inc.php when I do a search for it.

do you recommend a password encryption that's pretty widely used?  I don't think postfixadmin uses standard md5.

edit, I did a grep for password_crypt_hash and it's not finding it at all on my server.
« Last Edit: November 04, 2012, 11:23:45 PM by andrewjs18 »

Offline SKaero

Re: what password hash is roundcube using?
« Reply #7 on: November 05, 2012, 02:35:36 AM »
I believe that PostFixAdmin does support MD5 but it's not really the best choice. Thinking about mysql_encrypt I bet they mean they're using the MySQL encrypt function, so you could try having the password query as follows:
Code:
$rcmail_config['password_query'] = 'UPDATE mailbox SET password=encrypt(%p) WHERE username=%u LIMIT 1';

Offline andrewjs18

Re: what password hash is roundcube using?
« Reply #8 on: November 05, 2012, 03:17:19 AM »
this is what their section for encryption says:


// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'mysql_encrypt';

Offline andrewjs18

Re: what password hash is roundcube using?
« Reply #9 on: November 05, 2012, 03:43:58 PM »
I believe that PostFixAdmin does support MD5 but it's not really the best choice. Thinking about mysql_encrypt I bet they mean they're using the MySQL encrypt function, so you could try having the password query as follows:
Code:
$rcmail_config['password_query'] = 'UPDATE mailbox SET password=encrypt(%p) WHERE username=%u LIMIT 1';

that appears to have worked.  thanks!
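
One way to confirm that the Roundcube password plugin and PostfixAdmin are writing the same scheme is to classify the values stored in mailbox.password by their format. This is an added example, not part of the thread or of either project's code; the sample rows are constructed placeholders, and the classification is a heuristic based on the standard crypt(3) string layouts.

```python
import re
from collections import defaultdict

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests

# (scheme, pattern) pairs, checked in order. Heuristic only: a 13-character
# alphanumeric cleartext password would also match the des-crypt shape.
SCHEMES = [
    ("dovecot-prefixed", re.compile(r"^\{[A-Za-z0-9.-]+\}")),
    ("md5crypt",    re.compile(rf"^\$1\${B64}{{0,8}}\${B64}{{22}}$")),
    ("bcrypt",      re.compile(rf"^\$2[abxy]?\$\d\d\${B64}{{53}}$")),
    ("sha256crypt", re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{43}}$")),
    ("sha512crypt", re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{86}}$")),
    ("md5-hex",     re.compile(r"^[0-9a-fA-F]{32}$")),
    ("des-crypt",   re.compile(rf"^{B64}{{13}}$")),
]
WEAK = {"des-crypt", "md5-hex", "md5crypt", "unknown-or-cleartext"}

def classify(stored):
    """Return the scheme name whose layout matches the stored value."""
    for name, pattern in SCHEMES:
        if pattern.match(stored):
            return name
    return "unknown-or-cleartext"

def audit(rows):
    """Group usernames by detected scheme: {scheme: [usernames]}."""
    found = defaultdict(list)
    for username, stored in rows:
        found[classify(stored)].append(username)
    return {scheme: sorted(users) for scheme, users in found.items()}

def consistent(rows):
    """True when every row uses one scheme, i.e. both tools agree."""
    return len(audit(rows)) == 1

# Constructed rows shaped like (username, password) from the mailbox table.
# The values only have the right layout; they are not real hashes.
SAMPLE_ROWS = [
    ("alice@example.test", "ab" + "x" * 11),                      # des-crypt shape
    ("bob@example.test",   "$1$" + "saltsalt" + "$" + "y" * 22),  # md5crypt shape
    ("carol@example.test", "ab" + "z" * 11),                      # des-crypt shape
]

if __name__ == "__main__":
    for scheme, users in audit(SAMPLE_ROWS).items():
        flag = " (weak)" if scheme in WEAK else ""
        print(f"{scheme}{flag}: {', '.join(users)}")
    print("single scheme in use:", consistent(SAMPLE_ROWS))
```

MySQL's ENCRYPT() calls the system crypt(); without a salt argument it typically produces the 13-character DES format, which ignores everything past the first eight characters of the password, and the function was removed in MySQL 8.0.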