Anachon Posted December 12, 2023 Share Posted December 12, 2023 Hallo, ich habe ein neues Froxlor aufgesetzt und auch roundcube. Alles rennt soweit. Nur das Plugin password macht nicht das, was es soll. Wenn ich nach dem https://github.com/Froxlor/Froxlor/tree/extras/roundcube_plugins/password alles mache, kommt : konnte Passwort nicht ändern. Idee? Beste Grüße Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 Log-Einträge von roundcube? Irgendwas hilfreiches? Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 ==> errors.log <== [12-Dec-2023 12:07:59 +0000]: <n7rq34rc> DB Error: [1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB s erver version for the right syntax to use near '%c WHERE `username` = 'info@XXX.com'' at line 1 (SQL Query: UPDATE `mail_users` SET `password _enc` = %c WHERE `username` = 'info@XXX.com') in /var/customers/webs/webmailer/program/lib/Roundcube/rcube_db.php on line 567 (POST /?_task=s ettings&_action=plugin.password-save) In der config: // Froxlor: // If you do not want to have plaintext-passwords in your database (AND you know what // it means to turn this off, remove "`password` = %p," from the query. // $config['password_query'] = 'UPDATE `mail_users` SET `password_enc` = %c WHERE `username` = %u'; // By default the crypt() function which is used to create the '%c' // parameter uses the md5 algorithm. To use different algorithms // you can choose between: des, md5, blowfish, sha256, sha512. // Before using other hash functions than des or md5 please make sure // your operating system supports the other hash functions. $config['password_crypt_hash'] = 'sha256'; // By default domains in variables are using unicode. // Enable this option to use punycoded names $config['password_idn_ascii'] = false; Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 Looks like they've changed the replacers. // The SQL query used to change the password. // The query can contain the following macros that will be expanded as follows: // %p is replaced with the plaintext new password // %P is replaced with the crypted/hashed new password // according to configured password_algorithm // %o is replaced with the old (current) password // %O is replaced with the crypted/hashed old (current) password // according to configured password_algorithm // %h is replaced with the imap host (from the session info) // %u is replaced with the username (from the session info) // %l is replaced with the local part of the username // (in case the username is an email address) // %d is replaced with the domain part of the username // (in case the username is an email address) So you'd have to use %P instead of %c Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 Dann kommt Fehler 600: [12-Dec-2023 12:18:54 +0000]: <n7rq34rc> PHP Error: Password plugin: Hash method not supported. in /var/customers/webs/webmailer/plugins/password/password.php on line 787 (POST /?_task=settings&_action=plugin.password-save) [12-Dec-2023 12:20:41 +0000]: <n7rq34rc> PHP Error: Password plugin: Hash method not supported. in /var/customers/webs/webmailer/plugins/password/password.php on line 787 (POST /?_task=settings&_action=plugin.password-save) In der DB sieht es so für das Passwort aus: {BLF-CRYPT}$2y$10$c5n2r5TJZ10Ughfh0LcJz.L .... Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben? Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 die config Zeile war nicht da. Ich habe das jetzt mit blowfish gemacht. In der DB ist das Passwort jetzt so: $2y$12$1jeiKJv0EAQdgVaAS5kO Und Anmelden geht nicht mehr. Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 dann hast du sicher die template config von uns 1:1 komplett kopiert. Roundcube hat da wohl einiges mehr angepasst. Nimm am besten immer die config.inc.php.dist und passe nur das nötigste an, siehe https://github.com/Froxlor/Froxlor/blob/extras/roundcube_plugins/password/README.md Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 (edited) Habe ich. Gleiches Problem. Setze ich das Passwort händisch über froxlor steht da: {BLF-CRYPT}$2y$10$niy3z/XiCf1ZeFJnlSV6oOdl.HFN nach dem Plugin $2y$10$niy3z/XiCf1ZeFJn Und: wieder kein login Edited December 12, 2023 by Anachon Fehler Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 logs vom dovecot/postfix? Welches OS? Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 When setting passwords via froxlor ,they should be prefixed with the hash-algorithm, e.g. {ARGON2ID}$argon2id$v=19$m=65536,t=4,p=1$..... or {SHA256-CRYPT}$5$jUc6fv4qb..... or similar Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 Ubuntu 22.04. Log von roundcube [12-Dec-2023 12:37:43 +0000]: <tfoftrd8> IMAP Error: Login failed for info@XXX.com against localhost from cccccccccccc. AUTHENTICATE PLAIN: Authentication failed. in /var/customers/webs/webmailer/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login) Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 nicht roundcube log, mail.log von deinem OS...dovecot/postfix ... Link to comment Share on other sites More sharing options...
0 d00p Posted December 12, 2023 Share Posted December 12, 2023 24 minutes ago, d00p said: welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben? das ist auch immernoch relevant...wenn ich mir den plugin code anschaue setzt er die prefixe genau wie froxlor wenn entsprechender Algorithmus angegeben ist... Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 Lösung, dank deiner Hilfe! $config['password_algorithm'] = 'blowfish-crypt'; // Additional options for password hashing function(s). // For password_hash()-based passwords see https://www.php.net/manual/en/function.password-hash.php // It can be used to set the Blowfish algorithm cost, e.g. ['cost' => 12] $config['password_algorithm_options'] = []; // Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated // using password_algorithm above. Default: empty. $config['password_algorithm_prefix'] = '{BLF-CRYPT}'; Das unten musste zwingend rein! Link to comment Share on other sites More sharing options...
0 Anachon Posted December 12, 2023 Author Share Posted December 12, 2023 Dir ein dickes Danke! Link to comment Share on other sites More sharing options...
Question
Anachon
Hallo,
ich habe ein neues Froxlor aufgesetzt und auch roundcube. Alles rennt soweit. Nur das Plugin password macht nicht das, was es soll.
Wenn ich nach dem https://github.com/Froxlor/Froxlor/tree/extras/roundcube_plugins/password alles mache, kommt : konnte Passwort nicht ändern.
Idee?
Beste Grüße
Link to comment
Share on other sites
15 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now