How are Passwords Stored

jonny · Postby **jonny** » Mon Aug 07, 2006 7:12 am

Hello,

Quick question - how are passwords stored on the Scalix server, are they encrypted or stored as plaintext?

Thanks
John.

florian · Postby **florian** » Mon Aug 07, 2006 10:10 am

They are encrypted within in hidden USERLIST directory. The encryption is basically a one-way hash, similar to what's being used in /etc/shadow under Linux.

Cheers,
Florian.

marzl · Postby **marzl** » Fri Oct 19, 2007 7:34 am

What kind of encrytion is used? MD5 or SHA?

jch · Postby **jch** » Fri Oct 19, 2007 7:58 am

It's an MD5 hash, identical to that used in /etc/shadow. (It uses crypt(3)).

jch

marzl · Postby **marzl** » Fri Oct 19, 2007 8:15 am

stephan.klein · Postby **stephan.klein** » Fri Oct 26, 2007 4:32 am

One question on this - is there a way to get the hash to an openldap directory? I prepare to move my scalix users to openldap as described in the wiki, but I don't want my users to have to set up a new password.

Regards
Stephan

jch · Postby **jch** » Fri Oct 26, 2007 4:43 am

Possibly. It depends :-)

If openLDAP is set up to use the same scheme then you can extract the passwords from the userlist directory and use them for openLDAP provided you can set the hashed password attribute value directly. You'll need to be root to be able to run "omsearch -th -d userlist -m UL-PWD -e <filter>" -- we don't want people reading the userlist any more than we want people reading /etc/shadow.

jch

Scalix Forums

How are Passwords Stored

How are Passwords Stored

Who is online