Anachon Posted December 12, 2023 Posted December 12, 2023 Hallo, ich habe ein neues Froxlor aufgesetzt und auch roundcube. Alles rennt soweit. Nur das Plugin password macht nicht das, was es soll. Wenn ich nach dem https://github.com/Froxlor/Froxlor/tree/extras/roundcube_plugins/password alles mache, kommt : konnte Passwort nicht ändern. Idee? Beste Grüße
0 d00p Posted December 12, 2023 Posted December 12, 2023 Log-Einträge von roundcube? Irgendwas hilfreiches?
0 Anachon Posted December 12, 2023 Author Posted December 12, 2023 ==> errors.log <== [12-Dec-2023 12:07:59 +0000]: <n7rq34rc> DB Error: [1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB s erver version for the right syntax to use near '%c WHERE `username` = 'info@XXX.com'' at line 1 (SQL Query: UPDATE `mail_users` SET `password _enc` = %c WHERE `username` = 'info@XXX.com') in /var/customers/webs/webmailer/program/lib/Roundcube/rcube_db.php on line 567 (POST /?_task=s ettings&_action=plugin.password-save) In der config: // Froxlor: // If you do not want to have plaintext-passwords in your database (AND you know what // it means to turn this off, remove "`password` = %p," from the query. // $config['password_query'] = 'UPDATE `mail_users` SET `password_enc` = %c WHERE `username` = %u'; // By default the crypt() function which is used to create the '%c' // parameter uses the md5 algorithm. To use different algorithms // you can choose between: des, md5, blowfish, sha256, sha512. // Before using other hash functions than des or md5 please make sure // your operating system supports the other hash functions. $config['password_crypt_hash'] = 'sha256'; // By default domains in variables are using unicode. // Enable this option to use punycoded names $config['password_idn_ascii'] = false;
0 d00p Posted December 12, 2023 Posted December 12, 2023 Looks like they've changed the replacers. // The SQL query used to change the password. // The query can contain the following macros that will be expanded as follows: // %p is replaced with the plaintext new password // %P is replaced with the crypted/hashed new password // according to configured password_algorithm // %o is replaced with the old (current) password // %O is replaced with the crypted/hashed old (current) password // according to configured password_algorithm // %h is replaced with the imap host (from the session info) // %u is replaced with the username (from the session info) // %l is replaced with the local part of the username // (in case the username is an email address) // %d is replaced with the domain part of the username // (in case the username is an email address) So you'd have to use %P instead of %c
0 Anachon Posted December 12, 2023 Author Posted December 12, 2023 Dann kommt Fehler 600: [12-Dec-2023 12:18:54 +0000]: <n7rq34rc> PHP Error: Password plugin: Hash method not supported. in /var/customers/webs/webmailer/plugins/password/password.php on line 787 (POST /?_task=settings&_action=plugin.password-save) [12-Dec-2023 12:20:41 +0000]: <n7rq34rc> PHP Error: Password plugin: Hash method not supported. in /var/customers/webs/webmailer/plugins/password/password.php on line 787 (POST /?_task=settings&_action=plugin.password-save) In der DB sieht es so für das Passwort aus: {BLF-CRYPT}$2y$10$c5n2r5TJZ10Ughfh0LcJz.L ....
0 d00p Posted December 12, 2023 Posted December 12, 2023 welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben?
0 Anachon Posted December 12, 2023 Author Posted December 12, 2023 die config Zeile war nicht da. Ich habe das jetzt mit blowfish gemacht. In der DB ist das Passwort jetzt so: $2y$12$1jeiKJv0EAQdgVaAS5kO Und Anmelden geht nicht mehr.
0 d00p Posted December 12, 2023 Posted December 12, 2023 dann hast du sicher die template config von uns 1:1 komplett kopiert. Roundcube hat da wohl einiges mehr angepasst. Nimm am besten immer die config.inc.php.dist und passe nur das nötigste an, siehe https://github.com/Froxlor/Froxlor/blob/extras/roundcube_plugins/password/README.md
0 Anachon Posted December 12, 2023 Author Posted December 12, 2023 (edited) Habe ich. Gleiches Problem. Setze ich das Passwort händisch über froxlor steht da: {BLF-CRYPT}$2y$10$niy3z/XiCf1ZeFJnlSV6oOdl.HFN nach dem Plugin $2y$10$niy3z/XiCf1ZeFJn Und: wieder kein login Edited December 12, 2023 by Anachon Fehler
0 d00p Posted December 12, 2023 Posted December 12, 2023 When setting passwords via froxlor ,they should be prefixed with the hash-algorithm, e.g. {ARGON2ID}$argon2id$v=19$m=65536,t=4,p=1$..... or {SHA256-CRYPT}$5$jUc6fv4qb..... or similar
0 Anachon Posted December 12, 2023 Author Posted December 12, 2023 Ubuntu 22.04. Log von roundcube [12-Dec-2023 12:37:43 +0000]: <tfoftrd8> IMAP Error: Login failed for info@XXX.com against localhost from cccccccccccc. AUTHENTICATE PLAIN: Authentication failed. in /var/customers/webs/webmailer/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)
0 d00p Posted December 12, 2023 Posted December 12, 2023 nicht roundcube log, mail.log von deinem OS...dovecot/postfix ...
0 d00p Posted December 12, 2023 Posted December 12, 2023 24 minutes ago, d00p said: welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben? das ist auch immernoch relevant...wenn ich mir den plugin code anschaue setzt er die prefixe genau wie froxlor wenn entsprechender Algorithmus angegeben ist...
0 Anachon Posted December 12, 2023 Author Posted December 12, 2023 Lösung, dank deiner Hilfe! $config['password_algorithm'] = 'blowfish-crypt'; // Additional options for password hashing function(s). // For password_hash()-based passwords see https://www.php.net/manual/en/function.password-hash.php // It can be used to set the Blowfish algorithm cost, e.g. ['cost' => 12] $config['password_algorithm_options'] = []; // Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated // using password_algorithm above. Default: empty. $config['password_algorithm_prefix'] = '{BLF-CRYPT}'; Das unten musste zwingend rein!
Question
Anachon
Hallo,
ich habe ein neues Froxlor aufgesetzt und auch roundcube. Alles rennt soweit. Nur das Plugin password macht nicht das, was es soll.
Wenn ich nach dem https://github.com/Froxlor/Froxlor/tree/extras/roundcube_plugins/password alles mache, kommt : konnte Passwort nicht ändern.
Idee?
Beste Grüße
15 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now