Home/ Questions/Q 9151261
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T11:45:42+00:00

Ok, so I have VERY weird problem with my courier installation.. When I try

  • 0

Ok, so I have VERY weird problem with my courier installation.. When I try to log in, I need username and password right? Except that I can as password use any string, which has prefix same like my password. Example:

let say that this is my password:

#password#

I can successfully log in with ANY of the following passwords:

#password#
#password#FOO
#password#BAR

etc..

I am using mysql for storing user data, this is my /etc/courier/authmysqlrc

MYSQL_SERVER localhost
MYSQL_USERNAME #USER
MYSQL_PASSWORD #PASSWORD
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

Where could be a problem? Thanks in advance for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The problem is that the passwords are crypted by using the operating system’s crypt() function, which looks only at the first 8 characters of the password to generate the encrypted hash.
    As explained here:

    If you have a password longer than 8 characters, as long as the first
    8 characters match, crypt() will call it a valid match. For example,
    if your password is “password” and is stored as a crypted hash in a
    htpasswd file, checking against “passwordX” will be exactly the same
    as checking against “password”, “password123″, and so on; that is, it
    will be returned as a valid check because the first 8 characters match
    properly. Similarly, if your password is “longpassword” and you check
    against only “longpass”, that will be returned as valid, too.

    • 0