Re: [squid-users] vpopmail MD5 vs squid MD5

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 6 Jan 2004 04:37:56 +0100 (CET)

On Tue, 6 Jan 2004, toblo wrote:

> I've managed to connect both vpopmail and squid to openldap. Both can
> authenticate the users okay. The problem arises when I tried to
> authenticate vpopmail's user into squid.
>
> When I browse the userlist using LDAP Browser, I find that vpopmail saves
> the password in MD5 39Bytes long, "{MD5}$1$qvNMfgHF$/ZsHAjbAHPLALu/MRIj8d.",

Is this stored in the userPassword attribute, or some other vpopmail
specific attribute?

> while LDAP Browser saves the password in MD5 29Bytes long,
> "{MD5}lueSGJZetyySpUndWjMBEg==". Squid can read the 29Bytes long one,
> not the 39Bytes long one. Thus vpopmail users can't authenticate
> themselves in squid.

Squid does not read the saved password. It just tries to log in to the
LDAP server using the given login+password. It is up to the LDAP server to
figure out how to compare the password given by the user with what is
stored in the LDAP directory.

> Does anybody know how can I synch those two different MD5 password
> length?

You can't.

Ideally most applications connecting to the LDAP server should be using
the LDAP simple bind authentication method.

Password change applications using their own or other authentication
schemes just using the LDAP server for plain storage will require
modifications to make sure to also update the LDAP password.

Regards
Henrik
Received on Mon Jan 05 2004 - 20:37:58 MST
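
An added example, not part of the original message or of Squid, vpopmail or OpenLDAP: a small parser that classifies the two userPassword values quoted above. It shows that the 39-byte value is an md5-crypt string (the "$1$" crypt(3) format, salted) carrying an {MD5} label, while the 29-byte value is the base64 of a raw 16-byte MD5 digest. The function names are hypothetical, and the check that crypt(3)-style hashes belong under the RFC 2307 {CRYPT} label is this example's assumption about how a directory audit would flag them.

```python
import base64
import binascii
import re

# md5-crypt layout: $1$<salt, 1-8 chars>$<22 chars of crypt-style base64>
MD5_CRYPT_RE = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def classify_user_password(value):
    """Return (scheme_label, actual_format, detail) for a userPassword value."""
    m = SCHEME_RE.match(value)
    if not m:
        return (None, "no-scheme-prefix", {})
    label, body = m.group(1).upper(), m.group(2)
    crypt_m = MD5_CRYPT_RE.match(body)
    if crypt_m:
        # Salted md5-crypt: it cannot be re-encoded as a raw MD5 digest,
        # which is why the two stored forms cannot be synchronised.
        return (label, "md5-crypt", {"salt": crypt_m.group(1)})
    if label == "MD5":
        try:
            digest = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            return (label, "malformed", {})
        if len(digest) == 16:  # MD5 output is always 16 bytes
            return (label, "raw-md5-base64", {"digest_hex": digest.hex()})
        return (label, "malformed", {"decoded_len": len(digest)})
    return (label, "other", {})


def label_matches_format(value):
    """True when the scheme label agrees with how the body is encoded."""
    label, fmt, _ = classify_user_password(value)
    if fmt == "md5-crypt":
        return label == "CRYPT"  # assumption: RFC 2307 label for crypt(3) hashes
    if fmt == "raw-md5-base64":
        return label == "MD5"
    return False


# The two values quoted in the message above.
SAMPLES = [
    "{MD5}$1$qvNMfgHF$/ZsHAjbAHPLALu/MRIj8d.",
    "{MD5}lueSGJZetyySpUndWjMBEg==",
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(len(v), classify_user_password(v), label_matches_format(v))
```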
