[Dovecot] bug in 99.13-rc2 in ldap md5 patch

Timo Sirainen tss at iki.fi
Wed Dec 29 12:55:08 EET 2004


On Wed, 2004-12-29 at 11:40 +0100, Farkas Levente wrote:
> > Hmm. That's a bit kludgy fix since then {PLAIN-MD5} would work
> > differently with LDAP. Maybe I'll just remove the special case from
> > password-scheme.c instead?
> 
> no this way it's correct. ldap's md5 is equal with plain-md5. in the 
> scheme you should recognize it and use the plain-md5 algorithm.
> anyway it works for me with openldap and md5;-)

Um. LDAP's MD5 = base64-encoded, Dovecot's PLAIN-MD5 = hex-encoded I
think. So with your patch it would be impossible to use hex-encoded MD5
passwords in LDAP because it decodes {PLAIN-MD5} in base64.

I think the LDAP kludges should affect only that if {MD5} password
doesn't begin with $1$, it would be assumed to be base64-encoded MD5
password.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20041229/a05d1044/attachment-0001.bin>


More information about the dovecot mailing list