Topic: Crypted Passwords

After migrating our Atmail from 5 to 6 I wncountered the following problem. Our passwords were crypted in the old database (MD5 with salt). It seems my predecessor followed some article in the Atmail Knowledge-Base to activate crypted passwords. After the migration all the Atmail server components expect plaintext passwwords in the database.

For Exim and Dovecot I already found the corresponding configuration parameters. What I need to know is, where can I configure the webmail interface for using encrypted passwords for reading and storing in the database.

+ -

Re: Crypted Passwords

I found something in the file /usr/local/atmail/webmail/application/models/api.php

Line 589:

    // Step 2: set up UserSession data
    // TODO: Add crypt, MD5, and plain text password support

Line 603:

    //crypt Password field if crypt enabled
    if( Zend_Registry::get('config')->global['cryptEnabled'] == true )
            $userArray['UserSession']['Password'] = crypt($args['Password']);
    else
            $userArray['UserSession']['Password'] = $args['Password'];

It seems, at least some crypting parts are already implemented in the web interface. Is it safe to enable them? If so, where do I have to set the option "cryptEnabled"? I would assume something like:

INSERT INTO atmail.Config section, keyName, keyValue, keyType VALUES ("global", "cryptEnabled", "1", "Boolean")

Or am I totally wrong about the location of configuration parameters like this one?

+ -

  • isq
  • Member
  • Offline

Re: Crypted Passwords

Hi there,

Any solution or work around to add crypt?

thanks.

+ -