Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th November 2009, 14:11
voltron81 voltron81 is offline
Senior Member
 
Join Date: Sep 2009
Posts: 292
Thanks: 1
Thanked 4 Times in 3 Posts
Default How can I change the encryption password method of ISPConfig?

Hi to everybody,

I'm migrating an old mail server (based on webmin) to the new one(based on ISPConfig 3).
For the migration I've just created in ISPConfig the domains and the emails, and after I've copied /var/vmail from the old server to the new one.

I can read the old mail and it's ok.

The only problem that I have is for the email's password.
Basically webmin is using as encrytion the mysql way: ENCRYPT('password'), but ISPConfig is using another method, the CRYPT-MD5.
Now, I know how to create an ISPConfig password from a non-crypted password, because I created this php script:
Code:
<?php
$password = crypt('password' , '$1$user@domain.com$');
print $password . " is the CRYPT-MD5 version of my old password<br>";
?>
and it's working perfectly.
The point is I haven't the non-encrypt passwords, but they are encrypted.
So the only way that I can see to complete the migration is changing the encryption policy of ISPConfig from CRYPT-MD5 to ENCRYPT.

Is it possible to do?

Do you know how to do it?

Thanks
Michele
Reply With Quote
Sponsored Links
  #2  
Old 4th November 2009, 14:34
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

The encrypt function of mysql uses also the linux crypt call:

http://dev.mysql.com/doc/refman/5.1/...nction_encrypt

it just looks as if it does not format the string correctly with the salt or does not use a salt.

Changing the encryption method in ispconfig is a bad idea as you might have to change the config of several daemons for smtp, pop3, imap, ftp and also you would not be able to install any future updates after your changes.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 4th November 2009, 14:54
voltron81 voltron81 is offline
Senior Member
 
Join Date: Sep 2009
Posts: 292
Thanks: 1
Thanked 4 Times in 3 Posts
Default

Hi Till,
I know that is not the best idea, but I can not see any other option to use the old accounts...

Anyway I tried to edit the file: /var/www/ispconfig/mail/form/mail_user.tform.php changing this:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'=> 'CRYPT',
to this:
Code:
'password' => array (
                        'datatype'      => 'VARCHAR',
                        'formtype'      => 'PASSWORD',
                        'encryption'=> 'ENCRYPT',
and now, if I update manually in the database the value of the password (encrypted), I can enter in that email.
The problem is that, if I edit the password of that email in ISPConfig (or if I create a new email with ISPConfig), the new password is encrypted in a very strange way (like 8a94bdfc825df46f880854f41fee346b instead of 00tYo7GsNhKNQ). It's look like ISPConfig is now encrypting in MD5.

Any idea to fix it?
Thanks
Michele
Reply With Quote
  #4  
Old 4th November 2009, 15:22
voltron81 voltron81 is offline
Senior Member
 
Join Date: Sep 2009
Posts: 292
Thanks: 1
Thanked 4 Times in 3 Posts
Default

Maybe I've find how to do.
I've just discover that, without change nothing in ISPConfig, if I just update the value of the passwords with the passwords of the old server (encrypted), I'm able to check the email with roundcube without problem.
If when I need to change a password, I'll do it with ISPConfig and it will be encrypted in CRYPT MD5...

Now I've just to check if in this way it's working with POP3/IMAP...
Stay tuned...
Reply With Quote
  #5  
Old 4th November 2009, 15:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Quote:
the new password is encrypted in a very strange way (like 8a94bdfc825df46f880854f41fee346b instead of 00tYo7GsNhKNQ).
Not strange at all, its the default way of linux password encryption on all modern linux distributions.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 4th November 2009, 15:53
voltron81 voltron81 is offline
Senior Member
 
Join Date: Sep 2009
Posts: 292
Thanks: 1
Thanked 4 Times in 3 Posts
 
Default

It's look like working also with POP3 and IMAP.

So basically I solved it just updating the old passwords in the dbispconfig...
I didn't expect that it was so easy...

Thanks Till

Michele
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
password encryption acumen Installation/Configuration 8 16th November 2009 08:43
Have a problem, can't enter to ISPConfig with correct login(admin) and password. Jolman General 9 1st July 2009 18:41
How do I change the ISPConfig Website IP, not the server IP? mcaramb Installation/Configuration 1 9th June 2009 12:24
ISPconfig - Usename change password -> username already in use klonos HOWTO-Related Questions 10 30th November 2008 13:30
ISPConfig admin Password linuxuser1 Installation/Configuration 2 21st October 2005 13:38


All times are GMT +2. The time now is 21:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.