Gentoo Forums
Virtual Mail Server and crypt SHA-512 passwords
KintaroBC
Posted: Sun Apr 01, 2018 12:43 pm    Post subject: Virtual Mail Server and crypt SHA-512 passwords

I have been experimenting with Postfix/Courier as a virtual mail server with the directions on the wiki. Everything seems to be working; however, I noticed that the database provided on the wiki uses cleartext passwords. I want to use SHA-512 crypt passwords. I need to change the database, and configure Postfix and Courier to use them. I have tried searching for how to do this but couldn't find much. I am hoping someone can point me in the right direction.

The current users table:
Code:

CREATE TABLE users (
  id int(11) NOT NULL auto_increment,
  email varchar(128) NOT NULL default '',
  clear varchar(128) NOT NULL default '',
  name tinytext NOT NULL,
  uid int(11) NOT NULL default '1101',
  gid int(11) NOT NULL default '1101',
  homedir tinytext NOT NULL,
  maildir tinytext NOT NULL,
  quota tinytext NOT NULL,
  postfix enum('n','y') NOT NULL default 'y',
  PRIMARY KEY  (id),
  UNIQUE KEY email (email)
) ENGINE=MyISAM;


I am hoping someone here can help me secure my setup.
szatox
Posted: Sun Apr 01, 2018 7:03 pm    Post subject:

I've been experimenting with postfix/dovecot and sha512 passwords "just work™".
Each password encryption scheme produces hashes in a unique format, so courier should be able to autodetect the scheme in use.
Code:
MariaDB [maildb]> describe virtual_users;
+-----------+--------------+------+-----+---------+----------------+
| Field     | Type         | Null | Key | Default | Extra          |
+-----------+--------------+------+-----+---------+----------------+
| id        | int(11)      | NO   | PRI | NULL    | auto_increment |
| domain_id | int(11)      | NO   | MUL | NULL    |                |
| password  | varchar(106) | NO   |     | NULL    |                |
| email     | varchar(100) | NO   | UNI | NULL    |                |
+-----------+--------------+------+-----+---------+----------------+

Code:
doveadm pw -u test -p password -s SHA512-CRYPT
{SHA512-CRYPT}$6$0M4IsnjGEFpX6J5A$qEu7Goyr72VcS/mYzwjLpCbpXYZWhIk8/qvigU6crenubAt04tTiofgSduLjWfLRAOudtP0m.dVs0cH8zVZEo/

The {...} prefix may help identify the encryption scheme, but in my case it causes the database to truncate the hash, since 106 characters is barely enough to fit the hash itself, so I omit it.
Your field size is big enough, so you may try to generate a proper password hash and see if it works, perhaps changing the default password hash scheme or adding a scheme prefix (if courier supports it).
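
An added example, not part of either post and not code from Postfix, Courier or Dovecot: a Python check of stored values against the SHA-512 crypt layout `$6$[rounds=N$]salt$digest`, run on the hash from the post above to show why a 106-character column cuts the `{SHA512-CRYPT}`-prefixed form while a 128-character one holds it. The names `check_stored_hash` and `store`, and the silent-truncation behaviour that `store` models, are assumptions for illustration.

```python
import re

# SHA-512 crypt layout: $6$[rounds=N$]salt$digest, optionally preceded by a
# {SCHEME} tag. The salt is at most 16 characters and the digest is always
# 86 characters, both drawn from the alphabet ./0-9A-Za-z.
DIGEST_LEN = 86
PATTERN = re.compile(
    r"^(?:\{(?P<scheme>[A-Za-z0-9.-]+)\})?"
    r"\$6\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$"
    r"(?P<digest>[./0-9A-Za-z]*)$"
)

# The hash printed by doveadm in the post above (password "password").
PAGE_HASH = "$6$0M4IsnjGEFpX6J5A$qEu7Goyr72VcS/mYzwjLpCbpXYZWhIk8/qvigU6crenubAt04tTiofgSduLjWfLRAOudtP0m.dVs0cH8zVZEo/"


def store(value, width):
    """Assumption: a non-strict varchar(width) column silently cuts the value."""
    return value[:width]


def check_stored_hash(stored):
    """Classify one value read back from the password column."""
    m = PATTERN.match(stored)
    if m is None:
        # Leftover cleartext passwords and other schemes end up here.
        return {"status": "not-sha512-crypt", "length": len(stored)}
    missing = DIGEST_LEN - len(m["digest"])
    if missing == 0:
        status = "ok"
    elif missing > 0:
        status = "truncated"   # digest was cut short, login can never match
    else:
        status = "malformed"   # digest longer than the scheme allows
    return {"status": status, "scheme": m["scheme"],
            "missing": missing, "length": len(stored)}


if __name__ == "__main__":
    prefixed = "{SHA512-CRYPT}" + PAGE_HASH
    for label, value in [
        ("bare hash, varchar(106)", store(PAGE_HASH, 106)),
        ("prefixed, varchar(106)", store(prefixed, 106)),
        ("prefixed, varchar(128)", store(prefixed, 128)),
        ("cleartext leftover", "password"),
    ]:
        print(label, check_stored_hash(value))
```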