James Mail Server Password Encoding From PHP

[Buglish <sj...@ieee.org>]

Hi,
I am writing a PHP website server administration component for the MYSQL
database used by James Mail server.

When I encode the password in PHP using MD5, Crypt, SHA, SHA1 or use MSQL
encoding functions (MD5 or SHA) when I try to send mail to the Java server
it keeps telling me "ERROR smtpserver: AUTH method LOGIN failed".

1)In PHP what encoding should I use so the JavaMail API can encode the
authentication the same way?
2) If I want to use no encoding what code do I put in the pwdAlgorithm
field?

PHP Version 5.2.6
Apache 2.0 Handler
James 2.3.1

What I am trying to solve is to find out the encryption format of James.
Does James encrypt the passwords itself when a new mailbox is created or
JavaMail's security class?

You will notice my second question is what code does james or javamail use
when no encryption is used. (e.g. pwdAlgorithm). This field is the MySQL
field used to store the encryption type.

James still has to encrypt the password in the format which is specified to
verify the password.

Thus my main question, why does PHP encoding not match James's encoding?

In PHP the same encoding format should be used.

PHP uses :
SHA1 - RFC 3174 - US Secure Hash Algorithm 1 (SHA1)
MD5 - RSA Data Security, Inc. MD5 Message-Digest Algorithm

-- 
View this message in context: http://www.nabble.com/James-Mail-Server-Password-Encoding-From-PHP-tp22347592p22347592.html
Sent from the James - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

Re: James Mail Server Password Encoding From PHP

[Buglish <sj...@ieee.org>]

Thanks it works great now. 

It did however have 4 characters at the end which was not the same as James
SHA-1, thus i cut it out and now authentication works through the mail
server.

substr(base64_encode(sha1($password, true)),0,-4)

Regards,
Jaco
-- 
View this message in context: http://www.nabble.com/James-Mail-Server-Password-Encoding-From-PHP-tp22347592p22348565.html
Sent from the James - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

Re: James Mail Server Password Encoding From PHP

[Stefano Bagnara <ap...@bago.org>]

IIRC James Server does a base64 encoding of the *binary* hash returned
from the SHA1 algorythm described by the RFC you linked.

php sha1() function does instead an HEX encoding of the hash.

So, either you have php 5 and you use the raw_output parameter in your
sha1 call, or you hex decode the string returned by php5. You'll then
have to encode in base64 it.

e.g:
base64_encode(sha1($pass, true));

didn't test it, but theoretically working.

Stefano

Buglish ha scritto:
> Hi,
> I am writing a PHP website server administration component for the MYSQL
> database used by James Mail server.
> 
> When I encode the password in PHP using MD5, Crypt, SHA, SHA1 or use MSQL
> encoding functions (MD5 or SHA) when I try to send mail to the Java server
> it keeps telling me "ERROR smtpserver: AUTH method LOGIN failed".
> 
> 1)In PHP what encoding should I use so the JavaMail API can encode the
> authentication the same way?
> 2) If I want to use no encoding what code do I put in the pwdAlgorithm
> field?
> 
> PHP Version 5.2.6
> Apache 2.0 Handler
> James 2.3.1
> 
> What I am trying to solve is to find out the encryption format of James.
> Does James encrypt the passwords itself when a new mailbox is created or
> JavaMail's security class?
> 
> You will notice my second question is what code does james or javamail use
> when no encryption is used. (e.g. pwdAlgorithm). This field is the MySQL
> field used to store the encryption type.
> 
> James still has to encrypt the password in the format which is specified to
> verify the password.
> 
> Thus my main question, why does PHP encoding not match James's encoding?
> 
> In PHP the same encoding format should be used.
> 
> PHP uses :
> SHA1 - RFC 3174 - US Secure Hash Algorithm 1 (SHA1)
> MD5 - RSA Data Security, Inc. MD5 Message-Digest Algorithm
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org