1 Topic by shealyw2 (edited by shealyw2 2014-10-21 08:08:30)

  • shealyw2
  • Member
  • Offline
  • Registered: 2014-10-21
  • Posts: 4

Topic: Changing Password Method in iRedAdmin and Roundcube

Hi guys. Love the product, it is a lot faster than setting up Dovecot and Postfix for db support manually.

Since Centos6.5 does not support bcrypt natively I have decided to use pgsql's built in crypt() function to hash my passwords.  Now I am trying to alter iRedAdmin and Roundcube to use these schemes.  Though I have just noticed that these two systems actually use different schemes when saving using the Roundcube password plugin.  Is it possibe to alter these two to allow me to save and login with the password using pgsql's crypt function instead of the os crypt() function?  I am also thinking I will need to save the password with a {BCRYPT} prefix, correct? Since I don't know python, if you could point me in the right direction with iRedAdmin I would appreciate it.

==== Required information ====
- iRedMail version:      v0.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  PGSQL
- Linux/BSD distribution name and version: Centos 6.5
- Related log if you're reporting an issue:
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by shealyw2 (edited by shealyw2 2014-10-21 09:31:46)

  • shealyw2
  • Member
  • Offline
  • Registered: 2014-10-21
  • Posts: 4

Re: Changing Password Method in iRedAdmin and Roundcube

After playing around a little bit with iredadmin I got the bcrypt to work.  I did have to change line 322 in /var/www/iredadminlib/iredutils.py though for it to work with my current version.

from:

 return bcrypt.checkpw(plain_password, challenge_password)

to:

 return bcrypt.hashpw(plain_password, challenge_password) == challenge_password

In the /var/log/uwsgi/uwsgi-iredadmin.log there was mention of not being able to find the checkpw object attribute.

Exact error message:

 AttributeError: 'module' object has no attribute 'checkpw'

This is with Centos 6.5 and py-bcrypt installed.  I have not changed the "change password" functions yet.

Hopefully someone else will find this helpful.

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Changing Password Method in iRedAdmin and Roundcube

shealyw2 wrote:

In the /var/log/uwsgi/uwsgi-iredadmin.log there was mention of not being able to find the checkpw object attribute.

py-bcrypt should have 'checkpw' function, which version of py-bcrypt do you have?

4 Reply by shealyw2 (edited by shealyw2 2014-10-22 03:32:55)

  • shealyw2
  • Member
  • Offline
  • Registered: 2014-10-21
  • Posts: 4

Re: Changing Password Method in iRedAdmin and Roundcube

Zhang, the version of py-bcrypt in centos 6.5 with epel is .3-1

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Changing Password Method in iRedAdmin and Roundcube

You have to use py-bcrypt-0.4.

6 Reply by shealyw2

  • shealyw2
  • Member
  • Offline
  • Registered: 2014-10-21
  • Posts: 4

Re: Changing Password Method in iRedAdmin and Roundcube

Gotcha, thanks for the replies Zhang. It's working now and I will be upgrading to 7 ~soon so I will just leave it as it is for now.