1 (edited by qbercik 2015-02-12 05:43:10)

Topic: userPassword in clear text

Hi,

I have installed iRedMail with LDAP as the backend. So far local authentication is working well. The next step is to use pass-through authentication to forward authentication for selected accounts to Microsoft AD.
The main requirement for this is having the 'userPassword' attribute in clear text, to be able to add the authentication method and AD user:
userPassword: {SASL}username@ad.domain.com

Where in the iRedMail configuration can I set that passwords need to be stored in clear text?

I found in some post that I need to change variables in the settings.py file. Unfortunately it was about some older version (post dated 2010), but I was able to find the same variables in the file default_settings.py:

#
DEFAULT_PASSWORD_SCHEME = 'PLAIN'

# Allow to store password in plain text.
# It will show a HTML checkbox to allow admin to store newly created user
# password or reset password in plain text. If not checked, password
# will be stored as encrypted.
STORE_PASSWORD_IN_PLAIN_TEXT_TEXT = True

Unfortunately it still doesn't work and the password is still encrypted :(
userPassword:: e1NTSEF9Z3VuRkVqVlh4aXV6Y1F0T3NBVUJ6NDZidDlxUUNhS3g5S2RGbkE9PQ=

What am I doing wrong?
Or am I doing it right, only this option is not accessible?

Any help very welcome

Thanks
Irek


==== Required information ====
- iRedMail version: iRedMail-0.9.0
- Store mail accounts in which backend (LDAP/MYSQL/PSQL): LDAP
- Linux/BSD distribution name and version: Centos 6.6
- Related log if you're reporting an issue:
====


2

Re: userPassword in clear text

Try below steps:

*) Add below settings in iRedAdmin config file '/var/www/iredadmin/settings.py':

STORE_PASSWORD_IN_PLAIN_TEXT_TEXT = True

*) Update file '/var/www/iredadmin/libs/iredutils.py', find function 'generate_password_hash', it should look like below:

def generate_password_hash(p, pwscheme=None):
    ...
    elif pwscheme == 'PLAIN':
        if settings.SQL_PASSWORD_PREFIX_SCHEME is True:
            pw = '{PLAIN}' + p
        else:
            pw = p
    ...

Replace '{PLAIN}' by '{SASL}' to match your need.

*) Then restart Apache service or uwsgi service if you're running Nginx.

After restarting Apache/uwsgi service, when you go to user profile page in iRedAdmin, it will show you an additional checkbox to ask you whether password should be saved in plain text. Same checkbox will appear in user creation page.

IMPORTANT NOTE: it's strongly recommended to store hashed/encrypted password instead of plain text.
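
Added example (not code from this thread or from iRedAdmin): a small audit of an LDIF export that decodes `userPassword::` base64 values and reports whether each entry holds a hash, a `{SASL}` pass-through identity, or a readable password. The sample LDIF, DNs and passwords are constructed, and LDIF line folding is assumed not to occur.

```python
import base64
import hashlib
import re

def make_ssha(password: str, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ldif_value(line: str) -> str:
    """Return the attribute value; 'attr:: ...' means the value is base64-encoded."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def classify(value: str) -> str:
    """Classify a userPassword value by its {SCHEME} prefix."""
    m = re.match(r"\{([^}]+)\}", value)
    scheme = m.group(1).upper() if m else None
    if scheme == "SASL":
        return "pass-through"   # holds a SASL identity, not a secret
    if scheme in (None, "PLAIN", "CLEARTEXT"):
        return "cleartext"      # the password itself is readable in the directory
    return "hashed:" + scheme

def audit(ldif: str) -> dict:
    """Map each dn to the storage class of its userPassword attribute."""
    result, dn = {}, None
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            dn = ldif_value(line)
        elif line.lower().startswith("userpassword:") and dn:
            result[dn] = classify(ldif_value(line))
    return result

# Constructed sample export (not data from the thread).
_ssha_b64 = base64.b64encode(make_ssha("example-pw", b"salt").encode()).decode()
SAMPLE_LDIF = f"""\
dn: mail=local@example.com,ou=Users,dc=example,dc=com
userPassword:: {_ssha_b64}

dn: mail=aduser@example.com,ou=Users,dc=example,dc=com
userPassword: {{SASL}}aduser@ad.example.com

dn: mail=legacy@example.com,ou=Users,dc=example,dc=com
userPassword: {{PLAIN}}hunter2
"""

if __name__ == "__main__":
    for dn, kind in audit(SAMPLE_LDIF).items():
        print(f"{kind:14} {dn}")
```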

3

Re: userPassword in clear text

Hi ZhangHuangbin,

Many thanks for the answer.
I have in mind that I shouldn't store unencrypted passwords.
I'm working on it to avoid this :)

Thanks