Results 1 to 2 of 2

Thread: Storing email user passwords with postfix

  1. #1
    Join Date
    Aug 2010

    Storing email user passwords with postfix


    I use a mysql backend for postfix: domains, email addresses, etc. => Following this tutorial, the users' passwords are stored with the mysql encrypt() function which only takes into account the first 8 characters. It does not appear to be a very secure/strong way to store passwords.

    How to set up postcript so that it can work with a mysql backend using a much stronger hashing algorithm. Especially, what solution exists for postfix to use passwords longer than 8 characters?


  2. #2
    Join Date
    Aug 2010

    Re: Storing email user passwords with postfix

    The official courier documentation is very lacking. I document what I find here:

    Anyway, I just found this:
    MYSQL_CRYPT_PWFIELD - name of the field containing the crypt-ed password (either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD is required). NOTE: this password must be crypt-ed using the operating system's crypt function, NOT MySQL's crypt function. MySQL's crypt() function is non-standard and is not generally compatible with the operating system's crypt function.
    The tutorial previously mentioned clearly uses mysql's crypt() function. Besides, the system does no seem to come with any function named 'crypt'. So, which is it?

    Is MySQL's crypt() function ok?
    Do we have any other alternative?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts