Hi,
Roundcube password considers only the first 8 characters (and ignores the rest).
How can I fix this so longer passwords are fully evaluated, from what I have seen it might have to do with the dovecot configuration (dovecot-sql.conf.ext) encryption type, so here are my findings:
default_pass_scheme = CRYPT
Also MariaDB 'password' field is set to varchar(20), from what I have seen this will need to be increased.
Can you assist with any further checks and steps needed to fix these limitations?
Thanks
Roundcube doesn't have any such limitation and isn't in charge of evaluating the password. Roundcube takes the password and sends it to the mail server to validate that the credentials are valid. So if only the first 8 characters are being checked that would be a problem with the mail server.
I also don't know what your referring to when you say:
Quote from: aconti on April 11, 2025, 03:18:51 AMAlso MariaDB 'password' field is set to varchar(20), from what I have seen this will need to be increased.
The Roundcube database doesn't have a 'password' field in any of the tables, I'm guessing your looking at another database.
Likely a system (linux) crypt implementation detail. I'm not sure it is configurable. Use different hashing method.
its a postfix mail server with mariadb, Dovecot and fronted by Roundcube
So need to find out who is responsable for the authentication (thought it was Dovecot) and confirm old hash method being used and find instructions to change that. Sounds right?