Re: [squid-users] vpopmail MD5 vs squid MD5

Hi Henrik,

That's a real fast reply. vpopmail save the password in userPassword
attribute.

I've found a workaround for this, I disable vpopmail's MD5 password
encryption and use the standard crypt instead. Now both vpopmail and ldap
can read the password.

Thanks,
toblo

----- Original message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "toblo" <squid@tobloml.mailcan.com>
Date: Tue, 6 Jan 2004 04:37:56 +0100 (CET)
Subject: Re: [squid-users] vpopmail MD5 vs squid MD5

On Tue, 6 Jan 2004, toblo wrote:

> I've managed to connect both vpopmail and squid to openldap. Both can
> authenticate the users okay. The problem raises when I tried to
> authenticate vpopmail's user into squid.
>
> When I browse the userlist using LDAP Browser, I find that vpopmail saves
> the password in MD5 39Bytes long, "{MD5}$1$qvNMfgHF$/ZsHAjbAHPLALu/MRIj8d.",

Is this stored in the userPassword attribute, or some other vpopmail
specific attribute?

> while LDAP Browser saves the password in MD5 29Bytes long,
> "{MD5}lueSGJZetyySpUndWjMBEg==". Squid can read the 29Bytes long one,
> not the 39Bytes long one. Thus vpopmail users can't authenticate
> themselves in squid.

Squid does not read the saved password. It just tries to log in to the
LDAP server using the given login+password. It is up to the LDAP server
to
figure out how to compare the password given by the user with what is
stored in the LDAP directory.

> Does anybody know how can I synch those two different MD5 password
> length?

You can't.

Ideally most applications connecting to the LDAP server should be using
the LDAP simple bind authentication method.

Passoword change applications using their own or other authentication
schemes just using the LDAP server for plain storage will require
modifications to make sure to also update the LDAP password.

Regards
Henrik
Received on Mon Jan 05 2004 - 20:51:14 MST