1 Topic by mpoudim

  • mpoudim
  • Member
  • Offline
  • Registered: 2016-06-24
  • Posts: 13

Topic: Change from CRYPT to SSHA passwords

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.6
- Linux/BSD distribution name and version: RHEL 6.5 (Santiago)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): OpenLDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Nope
- Related log if you're reporting an issue:
====

As stated above, we use OpenLDAP backend.
As such ldap_simple driver seems to be in use for authentication.

Browsing LDAP entries, I have seen that some users have CRYPT hashed passwords while others have SSHA.
After some search I found out that when a user changes his password from his roundcube "change password"
panel it is CRYPT hashed,
while when managing users directly on ldap base, we can set the CRYPT_MECH to SSHA.

Is there a way to change crypt mechanism to SSHA, when users change their passwords from their roundcube panel?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: Change from CRYPT to SSHA passwords

Roundcube supports SSHA, you can set it in its 'password' plugin under /var/www/roundcubemail/plugins/config/config.inc.php on RHEL/CentOS.

3 Reply by mpoudim

  • mpoudim
  • Member
  • Offline
  • Registered: 2016-06-24
  • Posts: 13

Re: Change from CRYPT to SSHA passwords

ZhangHuangbin wrote:

Roundcube supports SSHA, you can set it in its 'password' plugin under /var/www/roundcubemail/plugins/config/config.inc.php on RHEL/CentOS.

Thank you for your prompt answer, I do not know two things before changing this;

1. if a new addition to the php libraries is needed (php-mhash ?)
2. if changing this will affect the already stored user-passwords and effectively disable their logins.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: Change from CRYPT to SSHA passwords

mpoudim wrote:

1. if a new addition to the php libraries is needed (php-mhash ?)

php-mhash is required. it should be installed by iRedMail if it's available on your system, but you better double check.

mpoudim wrote:

2. if changing this will affect the already stored user-passwords and effectively disable their logins.

No. it just applies to new password.

5 Reply by mpoudim

  • mpoudim
  • Member
  • Offline
  • Registered: 2016-06-24
  • Posts: 13

Re: Change from CRYPT to SSHA passwords

Confirmed that php-mhash is not installed, will correct this when I find some time.
Thank you very much