Page 1 of 1
How are Passwords Stored
Posted: Mon Aug 07, 2006 7:12 am
by jonny
Hello,
Quick question - how are passwords stored on the Scalix server, are they encrypted or stored as plaintext?
Thanks
John.
Posted: Mon Aug 07, 2006 10:10 am
by florian
They are encrypted within in hidden USERLIST directory. The encryption is basically a one-way hash, similar to what's being used in /etc/shadow under Linux.
Cheers,
Florian.
Posted: Fri Oct 19, 2007 7:34 am
by marzl
What kind of encrytion is used? MD5 or SHA?
Posted: Fri Oct 19, 2007 7:58 am
by jch
It's an MD5 hash, identical to that used in /etc/shadow. (It uses crypt(3)).
jch
Posted: Fri Oct 19, 2007 8:15 am
by marzl
thx!
Posted: Fri Oct 26, 2007 4:32 am
by stephan.klein
One question on this - is there a way to get the hash to an openldap directory? I prepare to move my scalix users to openldap as described in the wiki, but I don't want my users to have to set up a new password.
Regards
Stephan
Posted: Fri Oct 26, 2007 4:43 am
by jch
Possibly. It depends
If openLDAP is set up to use the same scheme then you can extract the passwords from the userlist directory and use them for openLDAP provided you can set the hashed password attribute value directly. You'll need to be root to be able to run "omsearch -th -d userlist -m UL-PWD -e <filter>" -- we don't want people reading the userlist any more than we want people reading /etc/shadow.
jch