How to encrypt user's plain text email password for ispconfig.

Discussion in 'Installation/Configuration' started by rob_morin, Jul 8, 2015.

  1. rob_morin

    rob_morin Member HowtoForge Supporter

    Hello all... I am migrating some users(about 200) from one server to ispconfig... i have both their plain text and encrypted passwords available to me. When i update the user's password field in the database wit the encrypted one, it does not work even after a sync of the email boxes under tools. I am no encryption expert so i am not sure how it works ...
    Current encrypted password look like this, they al end with a ==(the salt?)
    iBToh9LME5GhF0Hfwuaezw==
    Since they do not work i was thinking of just encrypting the clear text into crypt??

    Suggestions?

    Thanks...
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    If you have the clear passwords, i would use them ;)
     
  3. rob_morin

    rob_morin Member HowtoForge Supporter

    How would i then ecnrypt the password? Using what command?

    Thanks buddy..
     
  4. rob_morin

    rob_morin Member HowtoForge Supporter

    ok so doing this
    openssl passwd -crypt some_passwd
    gives me this
    alCD5A7r.XXa.

    When i insert this into mysql under the user's login field in mail_users and try to login in with his email address and the password some_password in webmail as a test it does not work....

    Ideas?
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    UPDATE mail_user SET passwort = md5('clear-passowrd') WHERE email = 'email';
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I would recommend to use a password with salt, you can use e.g. this PHP function:

    Code:
    public function crypt_password($cleartext_password) {
            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
            for ($n=0;$n<8;$n++) {
                $salt.=$base64_alphabet[mt_rand(0, 63)];
            }
            $salt.="$";
            return crypt($cleartext_password, $salt);
        }
    
     
  7. rob_morin

    rob_morin Member HowtoForge Supporter

    Hello, so i tried to do this and it does not work..
    UPDATE mail_user SET password = md5('SomePassword') WHERE email = '[email protected]';
    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1 Changed: 1 Warnings: 0

    I see the password field does get updated and mysql comes back with an OK
    But when trying to login in via webmail the password does not work, I can easily change it back with web gui and all is good, but i just needed to make a mass password update for a migration..

    Am I missing something?
    :)
    Thanks..
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You use the wrong encryption. The password of email accounts is encrypted with crypt-md5 (see the code I posted in #6) and not with md5.
     
  9. rob_morin

    rob_morin Member HowtoForge Supporter

    I see, I am not much of a php programmer, but i guess I will play around with it..

    Thanks
     
  10. Jesse Norell

    Jesse Norell Active Member

    md5() in mysql generates an md5 checksum, which isn't suitable for (nor compatible with) use as a password; what you need is something like:
    Code:
    MariaDB [dbispconfig]> update mail_user set password = (select ENCRYPT('SomePassword', CONCAT('$1$', salt)) salt FROM (SELECT FLOOR(RAND() * 0xFFFFFFFF) AS salt) t1) where email = [email protected]';
    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1  Changed: 1  Warnings: 0
    
    (You may find it easier to just to calculate the password in your script prior to passing it to mysql.)
     
    till likes this.
  11. rob_morin

    rob_morin Member HowtoForge Supporter

    That worked like a charm Jesse, thanks!!
     
  12. rob_morin

    rob_morin Member HowtoForge Supporter

    lol, ok a quick question, so we have a multi server setup, we have a mail server, mysql server and web server, these updates should be done on the mail server mysql database i assume? Not on the main one on the web server?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The update has to be done on the master server and then use Tools > Resync to sync the other servers after this manual database change.
     

Share This Page