  1. #1
    JayC Guest

    Password synchronisation OX --> Postfix/Cyrus

    Hi everyone,

    I have a problem with password synchronization between OX and Cyrus/Postfix.

    Whenever a user changes his password in OX, he locks himself out of Cyrus/Postfix, because there he still has the old password.

    What I initially had in mind was to install a database trigger in the OX database (oxdb_6) that would update the password in the cyrus/postfix db (mail) whenever the user changes his ox password.

    The problem I now encounter is that the password encryption in ox is always different from those selectable in C/P.

    My idea is now to still have a trigger that writes the passwords to an additional table in the db, and having a java program running in the background that checks that table for changes.
    Whenever that new password is set in the oxdb_6, the program will convert the stored password from the ox encryption to one of the other encryptions/hashes (crypt, mysql, md5).

    However, this still seems a bit unpractical.
    Plus, I don't know how to get the plaintext password back from the OX-encrypted one.

    So what I'm asking is this: does any1 know how to encrypt/decrypt the stored OX passwords? Or is there an easier solution to this problem? (like re-compiling ox with a different crypto lib or sth?)

    Thanx in advance!

  2. #2
    cyrixCrawler Guest

    PAM supports SHA.....

    Just use PAM for Postfix and Cyrus....
    Then use pam-mysql....

    Load a base64 function into your MySql OX Database....
    And set your Pam-Mysql users.password_column to "lower(hex(BASE64_DECODE(user.userPassword)))" ...
    Change BASE64_DECODE to the Sql function you wish to use....

    Ensure that your passwords are set to SHA....
    Have fun.....

  3. #3
    cyrixCrawler Guest


    And your pam-mysql has "users.password_crypt" set to SHA1....

    Gotta sleep...

  4. #4
    Carsten Hoeger, Open-Xchange Professional Services
    Join Date
    Mar 2007

  5. #5
    cyrixCrawler Guest

    Why?

    Why have two separate Authentication sources?

    This *will* lead to synchronization problems.

    I just wish OX had the flexibility to auth with PAM, POSTGRES, SAMBA or any other auth sources....

  6. #6
    Carsten Hoeger, Open-Xchange Professional Services
    Join Date
    Mar 2007


    OX actually *has* a flexible authentication mechanism.
    Everybody can write their own authentication mechanisms.

  7. #7
    cyrixCrawler Guest


    And I could rewrite the whole database schema to provide for a simpler system.
    I could even re-implement the IMAP function to work with LEMONADE compliant systems. Even adding a function to become a pure client certificate system... Who needs usernames/passwords anyway?

    Wouldn't it be nice to have a few easy lines to modify to direct to the auth source?

    This is where an Out of the Box experience will sell more products than a system that requires major customization......

  8. #8
    cyrixCrawler Guest


    Even further.....
    Why does OX make the SHA1 password so complex?
    Why can't it simply be a standard HEX representation of a SHA1?

    This would make it compliant with most authentication mechanisms?

    Instead it is a Base64 encoded string of SHA1.....
    Where did this complexity enter the system?
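
The encoding difference discussed in this thread (a Base64-encoded SHA-1 on the OX side versus the lowercase hex SHA-1 that the pam-mysql expression `lower(hex(BASE64_DECODE(...)))` produces), as an added example that is not part of any post and is not Open-Xchange code. It assumes the stored value is Base64 of an unsalted 20-byte SHA-1 digest, as the posts describe, and that passwords are hashed as UTF-8; the function names and the sample password are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def ox_b64_to_hex(stored: str) -> str:
    """Base64(SHA-1 digest) -> lowercase hex, i.e. lower(hex(BASE64_DECODE(col)))."""
    try:
        raw = base64.b64decode(stored.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("stored value is not valid Base64") from exc
    # A different length means the column does not hold a plain SHA-1 digest
    # (for example another hash type), so refuse to convert it.
    if len(raw) != SHA1_LEN:
        raise ValueError(f"expected {SHA1_LEN} digest bytes, got {len(raw)}")
    return raw.hex()


def hex_to_ox_b64(hex_digest: str) -> str:
    """Lowercase or uppercase hex SHA-1 -> the Base64 form, for the reverse direction."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != SHA1_LEN:
        raise ValueError(f"expected {SHA1_LEN} digest bytes, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def verify(password: str, stored_b64: str) -> bool:
    """Check a password the way a hex-SHA1 backend would, against the Base64 column."""
    # Assumption: the password is hashed as UTF-8 bytes with no salt.
    candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, ox_b64_to_hex(stored_b64))


if __name__ == "__main__":
    # Constructed sample: a made-up password encoded the way the thread describes.
    sample_password = "example-pass"
    sample_stored = base64.b64encode(
        hashlib.sha1(sample_password.encode("utf-8")).digest()
    ).decode("ascii")
    print("Base64 form:", sample_stored)
    print("hex form   :", ox_b64_to_hex(sample_stored))
    print("verifies   :", verify(sample_password, sample_stored))
```

Both forms carry the same 20 digest bytes, so no plaintext is needed to move between them; neither encoding adds a salt, so the digest is equally fast to brute-force in either database.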

