Re: [Dovecot] How to manually generate a password hash
Am 14.04.2013 04:10, schrieb David Murphy:
> Hi folks. I've recently set up a Postfix 2.9.6/Dovecot 2.0.19 IMAPS/SMTPS
> setup on Ubuntu 12.04.2 (Mysql backend). I'm new to all this, so I apologize
> if this is fairly basic. I've attempted to the best of my ability to search
> for an answer, but no luck so far.
>
> What I'm trying to do is generate a password hash that I can inject directly
> into my Mysql database (disaster recovery sort of situation). Towards that
> goal, I'm trying to use 'doveadm pw' to generate a hash that matches a known
> password in my database. Unfortunately, I'm coming up empty.
>
> My default_pass_scheme in dovecot-sql.conf is set to MD5-CRYPT, and the
> passwords in the database have no scheme prefixes. I'm attempting to generate
> a hash with:
>
> sudo doveadm pw -s 'MD5-CRYPT'
>
> but the hash generated does not match the user's password hash in the
> database, which is known to be a good password.
*-CRYPT hashes are salted. Hence it is intended, that hashes differ.
$ doveadm pw -s 'MD5-CRYPT' -p test
{MD5-CRYPT}$1$s3UfgF6q$YRupP9GlEcaU5CYUOfkFl0
$ doveadm pw -s 'MD5-CRYPT' -p test
{MD5-CRYPT}$1$yVZQVf8U$aaguS/rkQOJXu29V76nUl/
> I've also tried using the -p flag and including the password in the command,
> and that doesn't do it either, though it oddly gives a different response
> than using the prompt. (What causes this? Newlines?)
I don't understand what you are trying to say here...
- René
Re: [Dovecot] How to manually generate a password hash
On 4/13/2013 7:10 PM, David Murphy wrote:
Hi folks. I've recently set up a Postfix 2.9.6/Dovecot 2.0.19 IMAPS/SMTPS setup
on Ubuntu 12.04.2 (Mysql backend). I'm new to all this, so I apologize if this
is fairly basic. I've attempted to the best of my ability to search for an
answer, but no luck so far.
What I'm trying to do is generate a password hash that I can inject directly
into my Mysql database (disaster recovery sort of situation). Towards that
goal, I'm trying to use 'doveadm pw' to generate a hash that matches a known
password in my database. Unfortunately, I'm coming up empty.
My default_pass_scheme in dovecot-sql.conf is set to MD5-CRYPT, and the
passwords in the database have no scheme prefixes. I'm attempting to generate a
hash with:
sudo doveadm pw -s 'MD5-CRYPT'
but the hash generated does not match the user's password hash in the database,
which is known to be a good password. I'm able to log into this account
successfully in both Roundcube and a remote IMAP client. I've also tried using
the -p flag and including the password in the command, and that doesn't do it
either, though it oddly gives a different response than using the prompt. (What
causes this? Newlines?)
So... what am I missing? If the hash was salted, it would seem the hashes in
the database would be longer than the ones generated at the command line, but
that isn't the case. I'm out of ideas. Any guidance appreciated.
-Dave
1) If your passwords are of the format $1$..., then they are in standard
crypt md5 format. They are salted. The salt is between the second and
third $ and the actual hash follows the third $.
2) The version of Dovecot you are running has several bugs in "doveadm
pw" that you might be encountering. This will prevent you from
verifying the hashes. Some of these have been fixed in the current release.
Try the following command. This should give you a "verified" response
on a patched version of doveadm. (NOTE this command is all on one line,
but may wrap in the email).
doveadm pw -s MD5-CRYPT -p abc123 -t '$1$85P5.CAv$tqx.O2iZwnIZjuMQ7fo6m1'
It should reply:
$1$85P5.CAv$tqx.O2iZwnIZjuMQ7fo6m1 (verified)
Or possibly (depending on the version of dovecot you run):
{MD5-CRYPT}$1$85P5.CAv$tqx.O2iZwnIZjuMQ7fo6m1 (verified)
If you do not get one of the above responses to the test, you should
upgrade, since your doveadm is broken.
To test your hashes, use the above command format substituting your
password after -p and your hash after -t. This is only if your hashes
begin with $1$..., however. If they do not, then they are not in crypt
md5 format and you will need to figure out what format they are.
Once again, however, you need to be running at least 2.1.17, I believe,
or maybe a recent release of 2.2 that has the doveadm patches.
Dem
Re: [Dovecot] 2.2.0 lmtp runtime error
On 13.4.2013, at 14.29, Luigi Rosa wrote: > I compiled and installed 2.2.0 and rebuilt pigeonhole 0.4.0 and this hapens > ans soon as a new mail arrives: > > Apr 13 13:18:02 mail dovecot: lmtp(12346, li...@luigirosa.com): Fatal: master: > service(lmtp): child 12346 killed with signal 11 (core dumps disabled) gdb backtrace would be helpful in figuring out what causes the crash: http://dovecot.org/bugreport.html
Re: [Dovecot] listen directive changed?
On 13.4.2013, at 7.13, Nick Edwards wrote:
> Is the global listen directive supposed to be a governing directive,
> like in apache? or is it there just in case you dont use it in
> protocols?
>
> I set a specific ipv6 address in global listen, but use [::] in proto
I don't understand what you mean by "in proto". If you mean inside protocol {}
setting, that's a deprecated way and should log warnings about it.
> Testing to a secondary IP, not in the global listen, it still
> connects, so can I ask has the original use of global listen been
> deprecated?
It's the default listen setting, which gets used by all services'
inet_listeners that don't override it.
Re: [Dovecot] How to manually generate a password hash
> Date: Sun, 14 Apr 2013 03:24:38 -0700 > From: profe...@dementianati.com > CC: dovecot@dovecot.org > Subject: Re: [Dovecot] How to manually generate a password hash > > 1) If your passwords are of the format $1$..., then they are in standard > crypt md5 format. They are salted. The salt is between the second and > third $ and the actual hash follows the third $. Aha! That's the piece I was missing. I never noticed the third '$' and for some reason I never tried running doveadm pw the exact same way twice in a row to notice that the results were different. Verified that I could generate a hash from doveadm pw, insert it in the database, and log in on that account. Thank you, and thanks to the others who responded as well. -Dave
Re: [Dovecot] 2.2.0 lmtp runtime error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Timo Sirainen said the following on 14/04/2013 17:29: Packing it along with the log and sending to your email account right now Ciao, luigi - -- / +--[Luigi Rosa]-- \ Massachusetts patient tested for mad cow disease. So, be sure not to eat meat from any Massachusetts patients --fark.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlFq3NgACgkQ3kWu7Tfl6ZS9ywCZAfR8LlmiYbFQXMECh437OdcN gfUAn3LgJZqw4e8dGtdgj3sgHlLghzZQ =Ym7C -END PGP SIGNATURE-
[Dovecot] Dovecot 2.2.0 Compilation Error
On MacOSX 10.6, I get: ld: duplicate symbol _cmd_batch in dsync/.libs/libdsync.a(doveadm-dsync.o) and doveadm-mail-batch.o for architecture x86_64 collect2: ld returned 1 exit status make[4]: *** [doveadm] Error 1 when compiling Dovecot 2.2.0. By contrast, 2.1.16 compiled (and runs) just fine. I'm surprised that this hasn't cropped up elsewhere.
Re: [Dovecot] Dovecot 2.2.0 Compilation Error
On 14.4.2013, at 18.38, Jacques Distler wrote: > On MacOSX 10.6, I get: > > ld: duplicate symbol _cmd_batch in dsync/.libs/libdsync.a(doveadm-dsync.o) > and doveadm-mail-batch.o for architecture x86_64 > collect2: ld returned 1 exit status > make[4]: *** [doveadm] Error 1 > > when compiling Dovecot 2.2.0. By contrast, 2.1.16 compiled (and runs) just > fine. > > I'm surprised that this hasn't cropped up elsewhere. Fixed: http://hg.dovecot.org/dovecot-2.2/rev/a7d0bb66639f Looks like it didn't happen in Linux.
Re: [Dovecot] 2.2.0 lmtp runtime error
Looks like mailbox_list_index=yes is broken in v2.2.0 release. Strange that I didn't notice it. This fixes it: http://hg.dovecot.org/dovecot-2.2/rev/fc9ef7d2251a
Re: [Dovecot] 2.2.0 lmtp runtime error
Timo Sirainen said the following on 14/04/2013 20:30: Looks like mailbox_list_index=yes is broken in v2.2.0 release. Strange that I didn't notice it. This fixes it: http://hg.dovecot.org/dovecot-2.2/rev/fc9ef7d2251a Tha patch did the trick, it works! Ciao, luigi -- / +--[Luigi Rosa]-- \ If it's working, the diagnostics say it's fine. If it's not working, the diagnostics say it's fine.
Re: [Dovecot] How to manually generate a password hash
David Murphy writes: http://en.wikipedia.org/wiki/Salt_%28cryptography%29 So... what am I missing? If the hash was salted, it would seem the hashes in the database would be longer than the ones generated at the command line, but that isn't the case. I'm out of ideas. Any guidance appreciated. The hashes are salted, and that is why the hashes are different, even though the same password is used. (Test it by using the output of "doveadm pw" and plugging it into your test account). The hashes ought to be the same length. The out would be proportional to the length of your input password if the were encrypting, rathher than hashing. But the length of the hash is consant + encoded(salt) + encoded (hash(password)), all of which ought to be fixed lengths. Joseph Tam
Re: [Dovecot] v2.2.0 - possible bug?
When doing a server side message body search I got this in the logs: Apr 14 22:32:24 imap(supp...@junkemailfilter.com): Panic: file message-parser.c: line 698 (preparsed_parse_prologue_more): assertion failed: (ctx->part->children != NULL) Apr 14 22:32:24 imap(supp...@junkemailfilter.com): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x5f45a) [0x7f6eab1d745a] -> /usr/lib/dovecot/libdovecot.so.0(+0x5f4a6) [0x7f6eab1d74a6] -> /usr/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f6eab197d4f] -> /usr/lib/dovecot/libdovecot.so.0(+0x52863) [0x7f6eab1ca863] -> /usr/lib/dovecot/libdovecot.so.0(message_parser_parse_next_block+0x29) [0x7f6eab1ca349] -> /usr/lib/dovecot/libdovecot.so.0(message_search_msg+0x5d) [0x7f6eab1cc51d] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x9d558) [0x7f6eab4d5558] -> /usr/lib/dovecot/libdovecot-storage.so.0(mail_search_args_foreach+0x3c) [0x7f6eab4acc3c] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x9d289) [0x7f6eab4d5289] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x9e2fd) [0x7f6eab4d62fd] -> /usr/lib/dovecot/libdovecot-storage.so.0(index_storage_search_next_nonblock+0xe8) [0x7f6eab4d6938] -> /usr/lib/dovecot/libdovecot-storage.so.0(mailbox_search_next_nonblock+0x27) [0x7f6eab4b1057] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH]() [0x41a78f] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH](imap_search_start+0xe9) [0x41abf9] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH](cmd_search+0xc5) [0x40ff75] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH](command_exec+0x3d) [0x414f5d] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH]() [0x4140c0] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH]() [0x4141ad] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH](client_handle_input+0x11d) [0x41442d] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH](client_input+0x6f) [0x41479f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f6eab1e63a6] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xa7) [0x7f6eab1e7407] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f6eab1e6348] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f6eab19ca03] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH](main+0x2a7) [0x41d997] -> /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f6eaadfecdd] -> dovecot/imap [supp...@junkemailfilter.com 127.0.0.1 UID SEARCH]() [0x40a4d9] Apr 14 22:32:24 imap(supp...@junkemailfilter.com): Fatal: master: service(imap): child 28156 killed with signal 6 (core dumps disabled)
