
[#1998] Ldap backend crypt-des instead of crypt encryption
Summary Ldap backend crypt-des instead of crypt encryption
Queue Passwd
Queue Version 2.2.2
Type Bug
State Resolved
Priority 2. Medium
Owners
Requester laurent.le-moine (at) ac-dijon (dot) fr
Created 05/19/2005 (7373 days ago)
Due
Updated 07/11/2005 (7320 days ago)
Assigned 05/21/2005 (7371 days ago)
Resolved 07/11/2005 (7320 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
07/11/2005 10:15:26 AM Jan Schneider Comment #4
State ⇒ Resolved
No feedback.
05/21/2005 04:14:48 AM Chuck Hagenbuch Taken from Horde Developers
 
05/21/2005 04:14:25 AM Chuck Hagenbuch Comment #3
State ⇒ Feedback
Priority ⇒ 2. Medium
The code is drastically different in CVS. Please see if you have the 
same issue with the current code.
05/21/2005 04:12:29 AM Chuck Hagenbuch Assigned to Horde Developers
State ⇒ Assigned
 
05/19/2005 12:18:46 PM horde-bugs (at) conuropsis (dot) org Comment #2
(maintainer of Debian package speaking)

Drivers.php doesn't contain any Debian-specific changes in the Debian 
package. Patch should thus apply cleanly to your version.

Waiting for your comments on the patch to integrate it into the Debian 
package.
05/19/2005 10:02:01 AM laurent (dot) le-moine (at) ac-dijon (dot) fr Comment #1
State ⇒ Unconfirmed
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ Ldap backend crypt-des instead of crypt encryption
Queue ⇒ Passwd
Hello,

Please excuse my poor English, I will try to explain as precisely as possible.

Context: I am using debian/testing for our Academic webmail.
It is based on Horde2, IMP3 ... and sork-passwd.
Users are authenticated with IMAP and changes are applied in an LDAP 
backend (Netscape-SUN / iplanet).

Events: Yesterday I decided to upgrade (lots of packages, including 
sork-passwd).

Problem raised this morning: users' password changes were accepted, but 
users can never log in again after a password change.

Problem cause: the default encryption is now crypt-des and not crypt as 
before (no break instruction in case 'crypt' in 
/usr/share/horde2/passwd/lib/Driver.php), and passwords are no longer 
readable in this format.

My solution: I had a look at the PHP source and found some differences 
with the working version. I made a patch and it is working now. Using 
crypt-des is a good thing, but it should not be the default behaviour when 
using the crypt parameter. I would have liked to decide whether to apply it or not.

My working version is Driver.php, and Driver.php.deb is the one from the debs:



webmail:/usr/share/horde2/passwd/lib# diff -U 7 Driver.php.deb Driver.php

--- Driver.php.deb      2005-05-19 10:59:32.000000000 +0200

+++ Driver.php  2005-05-19 11:09:49.000000000 +0200

@@ -99,14 +99,20 @@

                  }

                  break;

              case 'md5-base64':

                  if ($encrypted == base64_encode(mHash(MHASH_MD5, 
$plaintext))) {                   return true;

                  }

                 break;

              case 'crypt':

+                $encrypted = substr($encrypted, 7);

+                $salt = substr($encrypted , 0, 2);

+                if ($encrypted == crypt($plaintext, $salt)) {

+                    return true;

+                }

+                break;

              case 'crypt-des':

                  $encrypted = preg_replace('|^{crypt}|', '', $encrypted);

                  $salt = substr($encrypted, 0, 2);

                  if ($encrypted == crypt($plaintext, $salt)) {

                      return true;

                  }

                  break;
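
Review bot: In the new `case 'crypt':` branch, `$salt = substr($encrypted , 0, 2);` only reproduces the salt of a traditional two-character DES hash, while the write path in the second hunk calls `crypt($newPassword)` with no salt, so the stored hash may carry a longer salt and would then never verify here. Passing the whole stored hash as the salt, `crypt($plaintext, $encrypted)`, lets crypt() pick the salt and scheme out of the stored value itself. Separately, `substr($encrypted, 7)` drops seven characters unconditionally and will eat part of the hash when the stored value has no `{crypt}` prefix; the anchored `preg_replace('|^{crypt}|', '', $encrypted)` already used under `crypt-des` avoids that. With both changes the branch would differ from `crypt-des` only in the salt handling, which deserves a one-line comment.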

@@ -166,14 +172,17 @@

          switch ($this->_params['encryption']) {

              case "plain":

                  break;

              case "sha":

                  $newPassword = "{SHA}" . 
base64_encode(mHash(MHASH_SHA1, $newPassword));

                  break;

              case 'crypt':

+               // The salt is left out, generated by php

+               $newPassword = "{crypt}" . crypt($newPassword);

+               break;

              case 'crypt-des':

                  $salt = substr(md5(mt_rand()), 0, 2);

                  $newPassword = crypt($newPassword, $salt);

                  break;

              case 'crypt-md5':

                  $salt = '$1$' . substr(md5(mt_rand()), 0, 8) . '$';

                  $newPassword = crypt($newPassword, $salt);
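
Review bot: In the added `case 'crypt':`, `crypt($newPassword)` leaves the salt, and with it the hash scheme, to whatever the local PHP build chooses, so the format written to LDAP is not fixed by this code and can differ from what the directory server or the two-character-salt check in the first hunk expects. Build the salt explicitly for the scheme the backend is meant to read, as the `crypt-des` and `crypt-md5` branches below do, and state that scheme in the comment instead of "generated by php". This branch also prepends `{crypt}` while the `crypt-des` branch stores the bare hash, although the verify side strips the prefix in both cases; the two write paths should agree on whether the prefix is stored.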



Hope it will help,

Anyway, congratulations on your excellent job on this project,

Laurent Le Moine
laurent.le-moine@ac-dijon.fr
Rectorat de l'Académie de Dijon (France)
