Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Feature Requests

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st May 2009, 14:43
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,262
Thanks: 78
Thanked 24 Times in 20 Posts
Default changing email password for users

anyone able or interested in making a how-to using this plugin: http://squirrelmail.org/plugin_view.php?id=25 for squirrelmail?

seeing squirrelmail comes recommended with ispcfg3 it would be great if users could change their email passwords.

what about the big players here? how do you solve this for your email users?

my few users are upset about not being able to change their passwords :-(
Reply With Quote
Sponsored Links
  #2  
Old 21st May 2009, 15:25
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,006
Thanks: 826
Thanked 5,377 Times in 4,224 Posts
Default

On most systems the owner of the website (client) manages the passwords for his email accounts and not the email user itself.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 22nd May 2009, 16:37
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,262
Thanks: 78
Thanked 24 Times in 20 Posts
Default

ok, I understand that point of view, but still if someone has a couple of minutes, maybe he can check the config file of this plugin?

shouldn't be that hard if one knows where/how passwords are stored for virtualusers

http://pastebin.com/f135629b1
Reply With Quote
  #4  
Old 22nd May 2009, 23:01
BorderAmigos BorderAmigos is offline
Senior Member
 
Join Date: Apr 2008
Location: San Diego & Tijuana
Posts: 302
Thanks: 26
Thanked 33 Times in 31 Posts
Send a message via MSN to BorderAmigos Send a message via Yahoo to BorderAmigos
Default

They are stored (in my case) in the database 'dbispconfig', table 'mail_user', column 'password'. But they are hashed to some obscure value. I have many names accounts that use the same password but in the database they show differently.
__________________
System6Hosting.com, ISPConfig 3, Debian.
Reply With Quote
  #5  
Old 22nd May 2009, 23:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,006
Thanks: 826
Thanked 5,377 Times in 4,224 Posts
Default

Quote:
Originally Posted by BorderAmigos View Post
They are stored (in my case) in the database 'dbispconfig', table 'mail_user', column 'password'. But they are hashed to some obscure value. I have many names accounts that use the same password but in the database they show differently.
The passwords are encrypted with the default linux encryption and thats not obscure at all. It is a crypt md5 encryption with salt, so the hash is always different to prevent dictionary attacks. Its the same encryption that linux uses for passwprds in the /etc/shadow file.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 22nd May 2009, 23:42
BorderAmigos BorderAmigos is offline
Senior Member
 
Join Date: Apr 2008
Location: San Diego & Tijuana
Posts: 302
Thanks: 26
Thanked 33 Times in 31 Posts
Send a message via MSN to BorderAmigos Send a message via Yahoo to BorderAmigos
Default

All encryption is obscure to someone who knows nothing about encryption , but I've been studying it since the first post and am catching up. Is the 'salt' from ISPConfig or from elsewhere in the Linux system? (sasl?) I'm still studying that part.

edit: (Directly changing the database may mess things up, I'm just experimenting).

For the password to store in the above mentioned database it seems you would choose your PASSWORD and an 8 character salt value SALTSALT then
Code:
$password = '$1$SALTSALT$'.crypt('PASSWORD','$1$SALTSALT$');
or something similar.

What I'm curious about is if then using some php code to change the password in the database, will that automatically be read by ISPConfig, PostFix, Courier, et cetera? Or will it have to wait on a cron job or need some sort of restart or trigger before it goes into effect?
__________________
System6Hosting.com, ISPConfig 3, Debian.

Last edited by BorderAmigos; 23rd May 2009 at 00:35. Reason: update
Reply With Quote
  #7  
Old 23rd May 2009, 09:24
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,006
Thanks: 826
Thanked 5,377 Times in 4,224 Posts
Default

The salt is a random 8 character value, it should be different for every password.

Quote:
What I'm curious about is if then using some php code to change the password in the database, will that automatically be read by ISPConfig, PostFix, Courier, et cetera? Or will it have to wait on a cron job or need some sort of restart or trigger before it goes into effect?
For courier and smtp and ispconfig it is enough to chnage it in the database. If ispconfig will support other configurations which may need to change config files then it will not be enough to change only the db, in that case also a record will have to be written to the sys_datalog to start the server side processing of the changes.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 8th July 2009, 11:40
freeeeeedy freeeeeedy is offline
Junior Member
 
Join Date: Jul 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

for squirrelmail + change_sqlpass
you may need to change these in config.php

$password_encryption = 'PHPCRYPT';
$csp_salt_query = 'SELECT CONCAT(\'$1$\', SUBSTRING(SUBSTRING( PASSWORD , (LENGTH( SUBSTRING_INDEX( PASSWORD , \'$\', 2 ) ) +2 )) FROM 1 FOR 8)) FROM mail_user WHERE email = "%1"';

and remark this
//$csp_salt_static = '';

Hope this help
Reply With Quote
  #9  
Old 18th August 2009, 13:30
klonos klonos is offline
Member
 
Join Date: Apr 2007
Posts: 78
Thanks: 5
Thanked 3 Times in 3 Posts
Question Does this work with ispc3?

Does it???
__________________
You can support Howtoforge and all the people behind it too. Consider becoming a supporter. It only costs a few and has to offer so much more than it already does. Take a look here
Reply With Quote
  #10  
Old 21st August 2009, 04:27
freeeeeedy freeeeeedy is offline
Junior Member
 
Join Date: Jul 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

I think this is a Squirrelmail + change_sqlpass issue

it doesn't related to ISPConfig
Reply With Quote
Reply

Bookmarks

Tags
email, password, squirrelmail, user, virtual

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
hotmail rejects outgoing email nzimas Server Operation 3 1st May 2009 03:39
Procedure: changing a mailuser password Hans General 14 22nd September 2008 17:21
chgrp error new user DKA General 15 28th July 2008 17:45
Problems with the Virtual Users And Domains With Postfix, Courier And MySQL tutorial wwinfrey HOWTO-Related Questions 12 15th August 2006 16:38
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 06:32.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.