Homepage | Products | OX Knowledge Base | Support | Try Now | Contact | Company
OX Logo
Results 1 to 2 of 2
  1. #1
    cyrixCrawler Guest

    Lightbulb It's all about Authentication........

    I have successfully installed OX on a Debian system.
    And using the OX Database as my authentication source for Cyrus, Exim, Funambol, OpenFire, OpenLDAP and a few PHP Applications....

    Here is the fun thing.... All passwords are SHA1.... :0
    No CRYPT here... And the system works fine.

    Here are a few important facts....
    When Open-Xchange stores SHA passwords it first runs a SHA hash. Then, capitalizes the result... And finally encodes it with base64. So, to properly check the password, it first needs to be base64 decoded then set to lowercase.

    The tricky part is getting a base64 decoder to work easily. Well, MYSQL to the rescue. Simply load a MySQL function to accomplish it at the query. Here is the url to a MYSQL function that accomplishes everything needed...http://wi-fizzle.com/downloads/base64.sql. Just load it into the OX database.

    Mixing this with pam-mysql (Which does SHA1 very well) results in a users.password.column of "lower(hex(BASE64_DECODE(user.userPassword)))" .

    No more syncing issues. One password change to rule them all.

    I've even got NSS working with the OX groups.......
    So, Cyrus fully supports Group ACLS... Just need to get the OX interface to see that groups are real. Ahem.... Developers, we would really like to have group acls in the IMAP.... Please....

    I even have Exim dealing with OX Groups... If an email is from a member of a specific group (broadcasters) and it is to (anothergroupname)@domain, it will automatically send a copy to all users of the "anothergroupname".

    So, all group management is within OX. No need for creation of group lists... It's all automatic babe....

    I have a few php appliations doing a query directly to the database, but would rather let pam deal with the authentication. And am having troubles getting php-pam to send a username... But that will be solved soon.....

  2. #2
    cyrixCrawler Guest

    Red face Authentication....

    Ok.... Forgot the little bit about the HEX command.....

    Once the SHA is decoded, it needs to be converted to HEX....
    HEX is how most systems check SHA.....
    Then to lowercase.....

    Something about being up way too late.......

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •