Limited Password length

aconti · April 11, 2025, 03:18:51 AM

Hi,

Roundcube password considers only the first 8 characters (and ignores the rest).

How can I fix this so longer passwords are fully evaluated, from what I have seen it might have to do with the dovecot configuration (dovecot-sql.conf.ext) encryption type, so here are my findings:

default_pass_scheme = CRYPT

Also MariaDB 'password' field is set to varchar(20), from what I have seen this will need to be increased.

Can you assist with any further checks and steps needed to fix these limitations?

Thanks

SKaero · April 11, 2025, 09:16:00 AM

Roundcube doesn't have any such limitation and isn't in charge of evaluating the password. Roundcube takes the password and sends it to the mail server to validate that the credentials are valid. So if only the first 8 characters are being checked that would be a problem with the mail server.

I also don't know what your referring to when you say:

Quote from: aconti on April 11, 2025, 03:18:51 AMAlso MariaDB 'password' field is set to varchar(20), from what I have seen this will need to be increased.

The Roundcube database doesn't have a 'password' field in any of the tables, I'm guessing your looking at another database.

alec · April 11, 2025, 12:20:08 PM

Likely a system (linux) crypt implementation detail. I'm not sure it is configurable. Use different hashing method.

aconti · April 28, 2025, 02:14:50 PM

its a postfix mail server with mariadb, Dovecot and fronted by Roundcube

So need to find out who is responsable for the authentication (thought it was Dovecot) and confirm old hash method being used and find instructions to change that. Sounds right?

Limited Password length

aconti

SKaero

alec

aconti