PDA

View Full Version : changing email password for users


Ovidiu
21st May 2009, 14:43
anyone able or interested in making a how-to using this plugin: http://squirrelmail.org/plugin_view.php?id=25 for squirrelmail?

seeing squirrelmail comes recommended with ispcfg3 it would be great if users could change their email passwords.

what about the big players here? how do you solve this for your email users?

my few users are upset about not being able to change their passwords :-(

till
21st May 2009, 15:25
On most systems the owner of the website (client) manages the passwords for his email accounts and not the email user itself.

Ovidiu
22nd May 2009, 16:37
ok, I understand that point of view, but still if someone has a couple of minutes, maybe he can check the config file of this plugin?

shouldn't be that hard if one knows where/how passwords are stored for virtualusers

http://pastebin.com/f135629b1

BorderAmigos
22nd May 2009, 23:01
They are stored (in my case) in the database 'dbispconfig', table 'mail_user', column 'password'. But they are hashed to some obscure value. I have many names accounts that use the same password but in the database they show differently.

till
22nd May 2009, 23:20
They are stored (in my case) in the database 'dbispconfig', table 'mail_user', column 'password'. But they are hashed to some obscure value. I have many names accounts that use the same password but in the database they show differently.

The passwords are encrypted with the default linux encryption and thats not obscure at all. It is a crypt md5 encryption with salt, so the hash is always different to prevent dictionary attacks. Its the same encryption that linux uses for passwprds in the /etc/shadow file.

BorderAmigos
22nd May 2009, 23:42
All encryption is obscure to someone who knows nothing about encryption :confused:, but I've been studying it since the first post and am catching up. Is the 'salt' from ISPConfig or from elsewhere in the Linux system? (sasl?) I'm still studying that part.

edit: (Directly changing the database may mess things up, I'm just experimenting).

For the password to store in the above mentioned database it seems you would choose your PASSWORD and an 8 character salt value SALTSALT then

$password = '$1$SALTSALT$'.crypt('PASSWORD','$1$SALTSALT$');

or something similar.

What I'm curious about is if then using some php code to change the password in the database, will that automatically be read by ISPConfig, PostFix, Courier, et cetera? Or will it have to wait on a cron job or need some sort of restart or trigger before it goes into effect?

till
23rd May 2009, 09:24
The salt is a random 8 character value, it should be different for every password.

What I'm curious about is if then using some php code to change the password in the database, will that automatically be read by ISPConfig, PostFix, Courier, et cetera? Or will it have to wait on a cron job or need some sort of restart or trigger before it goes into effect?

For courier and smtp and ispconfig it is enough to chnage it in the database. If ispconfig will support other configurations which may need to change config files then it will not be enough to change only the db, in that case also a record will have to be written to the sys_datalog to start the server side processing of the changes.

freeeeeedy
8th July 2009, 11:40
for squirrelmail + change_sqlpass
you may need to change these in config.php

$password_encryption = 'PHPCRYPT';
$csp_salt_query = 'SELECT CONCAT(\'$1$\', SUBSTRING(SUBSTRING( PASSWORD , (LENGTH( SUBSTRING_INDEX( PASSWORD , \'$\', 2 ) ) +2 )) FROM 1 FOR 8)) FROM mail_user WHERE email = "%1"';

and remark this
//$csp_salt_static = '';

Hope this help

klonos
18th August 2009, 13:30
Does it???

freeeeeedy
21st August 2009, 04:27
I think this is a Squirrelmail + change_sqlpass issue

it doesn't related to ISPConfig

CubAfull
21st August 2009, 19:03
I sussefully implement this future in my server... going to make a guide...

post here or make a Linux tutorial in the frontpage ? :confused:

falko
22nd August 2009, 13:58
You can email the tutorial to me, and I'll publish it for you. :)

ft [at] falkotimme [dot] com

CubAfull
22nd August 2009, 21:31
hi falko,
I've sent you an email with a tutorial that I have done :)

thank you

klonos
18th September 2009, 19:54
Hey falco, let us know once you're done. Thanx in advance!

CubAfull
19th September 2009, 00:50
the tutorial?

here:
http://www.howtoforge.com/how-to-configure-squirrelmail-to-allow-users-to-change-their-email-passwords-on-an-ispconfig-3-server

dreamsky
23rd May 2012, 14:43
my server debian squeeze with bind and dovecot ispconfig3 and i follow this configuration "http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3" i create ftp and database for my website and it's work,
but i can't open mydomain.com/webmail so i must do step "20.2"
but when i follow this configuration "http://www.howtoforge.com/how-to-configure-squirrelmail-to-allow-users-to-change-their-email-passwords-on-an-ispconfig-3-server" to change password user i got this error when i change password "Could not find Pear DB library"
when i don't do step "20.2" i succeed change password but i can't open mydomain.com/webmail, i open webmail using ip 192.168.0.100/webmail

anyone can help me so
1. i can create ftp and database for my website
2. i can open mydomain.com/webmail and
3. i can change password succeed ?

thx before

falko
24th May 2012, 13:25
Please add /usr/share/php to open_basedir of the website from which you want to access webmail.

dreamsky
25th May 2012, 06:23
thx my problem solved
http://www.howtoforge.com/forums/showthread.php?p=279551#post279551

forbin42
15th July 2013, 20:19
This works great. I am getting one error though where the server says that it can't understand the command because of SSL. I changed the port in the config but still get the error. Just an FYI, the password change is successful, just that the server returns the error.

Corrupted Content Error

The page you are trying to view cannot be shown because an error in the data transmission was detected.

The page you are trying to view cannot be shown because an error in the data transmission was detected.Please contact the website owners to inform them of this problem.

kings
10th September 2014, 19:47
Dear friends,
Please any body to help me!
I have SuSE 12.2 server and ISPConfig 3 and installed Squirrelmail.

Every think work is OK. But .....
when by browser i login in account and from options i tray to change user password i have ERROR: No valid backend defined.

I tray all from all tutorial about his and change this plug-in with change_sqlpassword but result is the same.

I recover change_password because have small changes in all files.

Please for advise. Help me to understand where I make mistakes.

Thanks in advance of every help