View Issue Details

IDProjectCategoryView StatusLast Update
0004394SOGoWeb Preferencespublic2018-04-27 08:56
Reporterpmuszynski Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Platformx64OSUbuntuOS Version16.04
Product Versionnightly master 
Fixed in Version4.0.1 
Summary0004394: userPasswordAlgorithm problem
Description

I use SQL backend.
I set userPasswordAlgorithm to md5-crypt. First password change accepts it and sets database password encoded with md5-crypt. Following password changes uses crypt as password algorithm.

Steps To Reproduce
  1. Sogo configured with userPasswordAlgorithm = md5-crypt
  2. MYSQL: Select password from mailbox where login=xxx@domain.com returns:
    $1$ etc - correct md5-crypt encoded pass.
  3. Login to sogo - change password
  4. MYSQL: Select password from mailbox where login=xxx@domain.com returns:
    $1$ etc - correct md5-crypt encoded pass.
  5. Change the password in sogo for second time
    6.MYSQL: Select password from mailbox where login=xxx@domain.com returns:
    gHvaDA8p6AqFs - password encoded with crypt.

From now all password changes, from every user use crypt encoding. Only restart of SOGo helps.

Additional Information

For now I switched to crypt encoding...

TagsNo tags attached.

Activities

pmuszynski

pmuszynski

2018-02-08 08:23

reporter   ~0012586

After adding prependPasswordScheme = YES; Sogo generates md5-crypt passwords and sha256-crypt passwords, but prepended with {crypt} (initially, before switching to crypted passwords.
With prependPasswordScheme = YES; and userPasswordAlgorithm = crypt it generates correct crypted passwords prepended by {CRYPT} in capitals.

ludovic

ludovic

2018-03-06 09:50

administrator   ~0012625

It looks to me like this is a configuration problem.

pmuszynski

pmuszynski

2018-03-12 03:05

reporter   ~0012649

It's not a configuration problem - SOGo doesn't respect userPasswordAlgorithm set to md5-crypt - it switches automatically to crypt after first password change - after restart of SOGO the same situation - one password change OK (md5-crypt), the following - bad (crypt)

ludovic

ludovic

2018-03-16 09:38

administrator   ~0012730

Can you try a patch?

ludovic

ludovic

2018-03-16 09:47

administrator   ~0012731

If so, try reverting that patch: https://github.com/inverse-inc/sogo/commit/63cb8014

That should fix things.

pmuszynski

pmuszynski

2018-04-27 05:44

reporter   ~0012854

It works. Is it possible to put it in main stream?

ludovic

ludovic

2018-04-27 08:56

administrator   ~0012855

Done.

Issue History

Date Modified Username Field Change
2018-02-08 07:55 pmuszynski New Issue
2018-02-08 08:23 pmuszynski Note Added: 0012586
2018-03-06 09:50 ludovic Note Added: 0012625
2018-03-06 09:50 ludovic Status new => closed
2018-03-06 09:50 ludovic Assigned To => ludovic
2018-03-06 09:50 ludovic Resolution open => no change required
2018-03-12 03:05 pmuszynski Note Added: 0012649
2018-03-12 03:05 pmuszynski Status closed => feedback
2018-03-12 03:05 pmuszynski Resolution no change required => reopened
2018-03-16 09:38 ludovic Note Added: 0012730
2018-03-16 09:38 ludovic Severity major => minor
2018-03-16 09:47 ludovic Note Added: 0012731
2018-04-27 05:44 pmuszynski Note Added: 0012854
2018-04-27 05:44 pmuszynski Status feedback => assigned
2018-04-27 08:56 ludovic Note Added: 0012855
2018-04-27 08:56 ludovic Status assigned => closed
2018-04-27 08:56 ludovic Resolution reopened => fixed
2018-04-27 08:56 ludovic Fixed in Version => 4.0.1