Comment on [#1998] Ldap backend crypt-des instead of crypt encryption
> Hello,
>
> Please excuse my poor English, I will try to explain as precisely as possible.
>
> Context: I am using debian/testing for our Academic webmail.
> It is based on Horde2, IMP3 ... and sork-passwd.
> Users are authenticated with IMAP and changes are applied in an LDAP backend (Netscape-SUN / iplanet).
>
> Events: Yesterday I decided to upgrade (lots of packages including sork-passwd).
>
> Problem raised this morning: users' passwd changes are accepted, but users can never log in again after a passwd change.
>
> Problem cause: default encryption is now crypt-des and not crypt as before (no break in case 'crypt' instruction in /usr/share/horde2/passwd/lib/Driver.php) and passwords are no longer readable in this format.
>
> My solution: I had a look at the PHP source and found some differences with the working version. I made a patch and it is working now. Using crypt-des is a good thing, but it should not be the default behaviour when using the crypt parameter. I would have liked to decide whether to apply it or not.
>
> My working version is Driver.php and Driver.php.deb is the one from the debs.
>
> > webmail:/usr/share/horde2/passwd/lib# diff -U 7 Driver.php.deb Driver.php > > --- Driver.php.deb 2005-05-19 10:59:32.000000000 +0200 > > +++ Driver.php 2005-05-19 11:09:49.000000000 +0200 > > @@ -99,14 +99,20 @@ > > } > > break; > > case 'md5-base64': > > if ($encrypted == base64_encode(mHash(MHASH_MD5, > $plaintext))) { return true; > > } > > break; > > case 'crypt': > > + $encrypted = substr($encrypted, 7); > > + $salt = substr($encrypted , 0, 2); > > + if ($encrypted == crypt($plaintext, $salt)) { > > + return true; > > + } > > + break; > > case 'crypt-des': > > $encrypted = preg_replace('|^{crypt}|', '', $encrypted); > > $salt = substr($encrypted, 0, 2); > > if ($encrypted == crypt($plaintext, $salt)) { > > return true; > > } > > break; 
> > @@ -166,14 +172,17 @@ > > switch ($this->_params['encryption']) { > > case "plain": > > break; > > case "sha": > > $newPassword = "{SHA}" . > base64_encode(mHash(MHASH_SHA1, $newPassword)); > > break; > > case 'crypt': > > + // The salt is left out, generated by php > > + $newPassword = "{crypt}" . crypt($newPassword); > > + break; > > case 'crypt-des': > > $salt = substr(md5(mt_rand()), 0, 2); > > $newPassword = crypt($newPassword, $salt);
>
> Hope it will help,
> Anyway, congratulations on your excellent job on this project,
>
> Laurent Le Moine
> laurent.le-moine@ac-dijon.fr
> Rectorat de l'Académie de Dijon (France)
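
Review bot: in the first hunk (@@ -99,14 +99,20 @@), the new `case 'crypt':` branch calls `substr($encrypted, 7)` unconditionally, so a stored value that does not begin with `{crypt}` loses the first seven characters of its hash and can never match. Strip the prefix only when it is present, as the `crypt-des` branch just below does with `preg_replace('|^{crypt}|', '', $encrypted)`. The two-character `$salt` also assumes a DES hash, while the write path in this same patch calls `crypt($newPassword)` with no salt and leaves the scheme to PHP; passing the whole stored hash as the salt, `crypt($plaintext, $encrypted)`, verifies whichever scheme produced it. The comparison would also be safer with `===` than with `==`.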
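
Review bot: in the second hunk (@@ -166,14 +172,17 @@), `crypt($newPassword)` in the new `case 'crypt':` branch is called without a salt, so the hash scheme is whatever PHP selects on that host and the stored format can change with the platform or an upgrade, which is the kind of silent change this ticket reports. Generate an explicit salt for the scheme that `crypt` is meant to denote and state that scheme in the comment, so the setting has one fixed meaning. After this change the `crypt` branch stores `{crypt}` plus the hash while the `crypt-des` branch below stores the bare hash; that difference deserves a comment, since the LDAP server has to read both values.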