Roundcube Community Forum

 

what password hash is roundcube using?

Started by andrewjs18, November 04, 2012, 02:03:09 AM


andrewjs18

I'm trying to set up postfixadmin and roundcube to be able to reset user passwords.  by doing this, I need to ensure the password hashes are all the same.  what password hash does roundcube use and where can it be found?

SKaero

I'm not real sure what you mean, the account password is not stored by RoundCube.

andrewjs18

I should have probably specified that this is in relation to the password plugin that roundcube has.

I'm trying to make sure the passwords sync up with postfixadmin, the utility I use to manage my email accounts.

so, I changed the encryption type to mysql_encrypt.  I then set the following in the password config.inc.php file:


$rcmail_config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u LIMIT 1';


so the password resets fine in roundcube, but it doesn't sync up properly to postfixadmin.  once the password is changed in roundcube, it basically kills the old and new password for that email address for postfixadmin.

SKaero

I think PostFixAdmin uses a custom hash by default; you might need to change $CONF['encrypt'] in your PostFixAdmin config to match $rcmail_config['password_crypt_hash'] in RoundCube.

andrewjs18

the postfixadmin encryption has been changed to mysql_encrypt, as seen here: $CONF['encrypt'] = 'mysql_encrypt';

in which file is $rcmail_config['password_crypt_hash'] found?

SKaero

It's in the password plugin config. I'm not sure what mysql_encrypt is, though; I don't think RoundCube supports it, but I could be wrong.

andrewjs18

I'm not finding that code in the password config.inc.php when I do a search for it.

do you recommend a password encryption that's pretty widely used?  I don't think postfixadmin uses standard md5.

edit, I did a grep for password_crypt_hash and it's not finding it at all on my server.

SKaero

I believe that PostFixAdmin does support MD5, but it's not really the best choice. Thinking about mysql_encrypt, I bet they mean they're using the MySQL encrypt function, so you could try having the password query as follows:

$rcmail_config['password_query'] = 'UPDATE mailbox SET password=encrypt(%p) WHERE username=%u LIMIT 1';

andrewjs18

this is what their section for encryption says:


// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'mysql_encrypt';

andrewjs18

Quote from: SKaero on November 05, 2012, 02:35:36 AM
I believe that PostFixAdmin does support MD5, but it's not really the best choice. Thinking about mysql_encrypt, I bet they mean they're using the MySQL encrypt function, so you could try having the password query as follows:

$rcmail_config['password_query'] = 'UPDATE mailbox SET password=encrypt(%p) WHERE username=%u LIMIT 1';


that appears to have worked.  thanks!
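Added example (not part of the thread and not Roundcube or PostfixAdmin code): a way to confirm which scheme actually wrote each row of the mailbox table after a change like the one above, by classifying the stored value's format. It assumes MySQL's ENCRYPT() called without a salt yields the traditional 13-character crypt(3) form; the sample rows and the names classify, mismatches and SAMPLE_ROWS are constructed for illustration.

```python
import re

# Character set used by crypt(3)-style encodings.
C = r"[./0-9A-Za-z]"

# Ordered list: the first matching pattern wins.
PATTERNS = [
    ("dovecot-prefixed", re.compile(r"^\{[A-Za-z0-9.-]+\}.+$")),
    ("md5crypt",    re.compile(r"^\$1\$[^$]{1,8}\$" + C + r"{22}$")),
    ("bcrypt",      re.compile(r"^\$2[abxy]\$\d{2}\$" + C + r"{53}$")),
    ("sha256crypt", re.compile(r"^\$5\$(rounds=\d+\$)?[^$]{1,16}\$" + C + r"{43}$")),
    ("sha512crypt", re.compile(r"^\$6\$(rounds=\d+\$)?[^$]{1,16}\$" + C + r"{86}$")),
    ("des-crypt",   re.compile(r"^" + C + r"{13}$")),   # assumed ENCRYPT() default
    ("raw-md5",     re.compile(r"^[0-9a-fA-F]{32}$")),
]

def classify(stored):
    """Return the name of the hash format a stored value looks like."""
    for name, pattern in PATTERNS:
        if pattern.match(stored):
            return name
    # Anything else is either an unrecognised scheme or a cleartext password.
    # Caveat: a 13-character alphanumeric cleartext would look like des-crypt.
    return "unknown-or-cleartext"

def mismatches(rows, expected):
    """List (username, detected_format) for rows not in the expected format."""
    found = []
    for username, stored in rows:
        detected = classify(stored)
        if detected != expected:
            found.append((username, detected))
    return found

# Constructed sample rows (username, password column). The hash bodies are
# format-only placeholders, not real password hashes.
SAMPLE_ROWS = [
    ("alice@example.org", "ab" + "A" * 11),              # 13-char crypt form
    ("bob@example.org",   "$1$saltsalt$" + "A" * 22),   # md5crypt form
    ("carol@example.org", "0" * 32),                     # raw MD5 hex form
    ("dave@example.org",  "hunter2"),                    # looks like cleartext
]

if __name__ == "__main__":
    for user, fmt in mismatches(SAMPLE_ROWS, "des-crypt"):
        print(f"{user}: stored as {fmt}, expected des-crypt")
```

Rows reported as a different format were written by a tool configured with another scheme, which is the situation where a password changed in one application stops working in the other.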