It's all about Authentication........

  • It's all about Authentication........

    I have successfully installed OX on a Debian system.
    And using the OX Database as my authentication source for Cyrus, Exim, Funambol, OpenFire, OpenLDAP and a few PHP Applications....

    Here is the fun thing.... All passwords are SHA1.... :0
    No CRYPT here... And the system works fine.

    Here are a few important facts....
    When Open-Xchange stores SHA passwords it first runs a SHA hash. Then, capitalizes the result... And finally encodes it with base64. So, to properly check the password, it first needs to be base64 decoded then set to lowercase.

    The tricky part is getting a base64 decoder to work easily. Well, MySQL to the rescue. Simply load a MySQL function to accomplish it at the query. Here is the URL to a MySQL function that accomplishes everything needed... http://wi-fizzle.com/downloads/base64.sql. Just load it into the OX database.

    Mixing this with pam-mysql (which does SHA1 very well) results in a users.password.column of "lower(hex(BASE64_DECODE(user.userPassword)))".

    No more syncing issues. One password change to rule them all.

    I've even got NSS working with the OX groups.......
    So, Cyrus fully supports group ACLs... Just need to get the OX interface to see that groups are real. Ahem.... Developers, we would really like to have group ACLs in the IMAP.... Please....

    I even have Exim dealing with OX Groups... If an email is from a member of a specific group (broadcasters) and it is to (anothergroupname)@domain, it will automatically send a copy to all users of the "anothergroupname".

    So, all group management is within OX. No need for creation of group lists... It's all automatic babe....

    I have a few PHP applications doing a query directly to the database, but would rather let PAM deal with the authentication. And I am having trouble getting php-pam to send a username... But that will be solved soon.....

  • #2
    Authentication....

    Ok.... Forgot the little bit about the HEX command.....

    Once the SHA is decoded, it needs to be converted to HEX....
    HEX is how most systems check SHA.....
    Then to lowercase.....

    Something about being up way too late.......

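The conversion described in the two posts above (base64-decode the stored value, convert to hex, lowercase, then compare against a hex SHA-1), as an added example that is not part of the original thread. It assumes the stored value is the base64 encoding of the raw 20-byte SHA-1 digest; the function names and the sample password are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # size of a raw SHA-1 digest in bytes


def stored_to_hex(stored: str) -> str:
    """Mirror lower(hex(BASE64_DECODE(userPassword))) from the post."""
    try:
        raw = base64.b64decode(stored.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("stored value is not valid base64") from exc
    if len(raw) != SHA1_LEN:
        # A different length means the column holds some other scheme.
        raise ValueError(f"expected {SHA1_LEN}-byte digest, got {len(raw)}")
    return raw.hex()  # bytes.hex() is already lowercase


def verify(password: str, stored: str) -> bool:
    """Compare the hex SHA-1 of the candidate with the converted column."""
    try:
        expected = stored_to_hex(stored)
    except ValueError:
        return False  # malformed rows never authenticate
    candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def make_stored(password: str) -> str:
    """Build a sample column value in the assumed storage format."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    sample = make_stored("correct horse")  # constructed sample, not real data
    print(sample, "->", stored_to_hex(sample))
    print(verify("correct horse", sample), verify("wrong", sample))
```

On MySQL 5.6 and later, the built-in FROM_BASE64() performs the same decode without loading an extra function.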