PDA

View Full Version : Migration from Courier, virtual users


DHDSP
30th March 2009, 16:39
Hi everyone !

after ISPC3 has become stable I will be migrating a couple of old servers to a vmware machine running Lenny and hopefully ISPC3. My "old" server has courier-imap and courier-smtp running.

The old server uses courier "userdb" as the auth file for strictly virtual email users. Can I use this file directly (like in authmodulelist), or can I use the info in the userdb file to generate ISPC3 users another way ? How do I get to see the userdb users in ISPC3 ?

The password is hashed by the userdbpw command (from AWK script):
------------------<CUT>--------------------------
system("echo "$6" | userdbpw | userdb "$5"/"$4"@"$5" set systempw")
system("echo "$6" | userdbpw -hmac-md5| userdb "$5"/"$4"@"$5" set hmac-md5pw")
------------------</CUT>--------------------------

The userdb textfile looks somthing like this:
------------------<CUT>--------------------------
testfirstname.testlastname@testdom.de home=/home/virtmail/testdom.de/testfirstname.testlastname|systempw=aUPc11AXjmoKU| hmac-md5pw=fee57ed3951660332759a9f50712c65bc6a444bcc3aa be559e5830b842a11d41|gid=1001|uid=1001
------------------</CUT>--------------------------

Any Ideas would be greatly appreciated, informing 1000 users by plain mail is not really an option.

TIA
Peter


PS: A pointer to how ISPC3 implements virtual users would also be great.

till
30th March 2009, 19:09
ISPConfig implements virtual users in a mysql database with crypt password hashes. Your password hashes are not compatible and I guess it is not possible to migrate your system without generating new passwords.

DHDSP
31st March 2009, 12:05
Thanks for the answer.

Now userdbpw is also used in my setup to set the "system pw" for courier, as in my previous post:

"echo "$6" | userdbpw | userdb "$5"/"$4"@"$5" set systempw"

A quick look in the sourcecode (I'm not a real programmer) tells me the crypt funtion is used to generate the "system pw" if no md5 or hmac is used.

like here:

tail userdbpw.c (from the courier authlib source)

--------------------<CUT>------------------------
salt[1]=userdb_hex64[(unsigned)salt[1]];
}
#endif

#if HAVE_CRYPT
printf("%s\n", crypt(buf, salt));
fflush(stdout);
#endif
return (0);
}
--------------------</CUT>------------------------

now I'm not really sure if the "HAVE_CRYPT" means that userdbpw is called without the option md5 or hmac - but i suppose so.

Wouldn't these encrypted passwords then be usable? Or am I missing something ?


TIA
Peter