UK Webmaster Talk - Online Marketing - SEO - View Single Post - Does anyone know how CPanel encrypts email account passwords?

IsaacSchlueter · 10-09-2005, 17:46

First of all, before any admins get upset, I am NOT talking about or even thinking about cracking anyone's password, or doing anything else illegal or even mildly immoral (yes, I've read the forum rules.)

I am building a community portal site, and would like to create email accounts that my users can access. However, I don't want to have to create an account manually for each person. So, that means building a script that automagically creates the email account when a new user signs up. I have CPanel installed on this domain, and I've almost figured out how to do this, but I'm running into a bit of a snag.

If my CPanel username is "my_username", and I'm administrating the domain "domain.name.com", and creating an email address for "email_username@domain.name.com", then CPanel stores the email account in the folowing way:

1. A file is created at /home/my_username/mail/domain.name.com/email_username/inbox that holds their messages. (Horde also creates INBOX.sent, INBOX.drafts, INBOX.trash, and files for any other mailboxes that the user creates.)

2. An entry is added in /home/my_username/etc/domain.name.com/passwd file that looks like this:
email_username:x:32007:32008::/home/my_username/mail/domain.name.com/email_username:/usr/local/cpanel/bin/noshell
The "x" specifies that the encrypted password is located in "shadow" in the same folder.

3. an entry is added in /home/my_username/etc/domain.name.com/quota with the user's quota in bytes, like this:
email_user:10485760

4. (This is the tricky part) an entry with the encrypted password is added to /home/my_username/etc/domain.name.com/shadow that looks like this:
email_user:$1$84AQXJ5s$yLdOVIwo.qYKZlssK6YIb0::::: ::
Now, everything between the first : and the line of :::s is the encrypted password. (It's a map table, like passwd, separated by :s.)

I can do everything else programmatically, but I can't figure out what CPanel is using to encrypt these passwords. (It's definitely NOT md5.) If I knew that, then that would be the last piece, and I could automatically create accounts for my users. Like I said, I'm not interested in "cracking" their passwords - I only want to generate an encrypted password programmatically.

Thanks for any help anyone can provide.

--
Isaac Z. Schlueter
http://isaacschlueter.com

10-09-2005, 17:46	#1 (permalink)
IsaacSchlueter Newbie Join Date: Sep 2005 Posts: 1 iTrader: 0 / 0%	Does anyone know how CPanel encrypts email account passwords? First of all, before any admins get upset, I am NOT talking about or even thinking about cracking anyone's password, or doing anything else illegal or even mildly immoral (yes, I've read the forum rules.) I am building a community portal site, and would like to create email accounts that my users can access. However, I don't want to have to create an account manually for each person. So, that means building a script that automagically creates the email account when a new user signs up. I have CPanel installed on this domain, and I've almost figured out how to do this, but I'm running into a bit of a snag. If my CPanel username is "my_username", and I'm administrating the domain "domain.name.com", and creating an email address for "email_username@domain.name.com", then CPanel stores the email account in the folowing way: 1. A file is created at /home/my_username/mail/domain.name.com/email_username/inbox that holds their messages. (Horde also creates INBOX.sent, INBOX.drafts, INBOX.trash, and files for any other mailboxes that the user creates.) 2. An entry is added in /home/my_username/etc/domain.name.com/passwd file that looks like this: email_username:x:32007:32008::/home/my_username/mail/domain.name.com/email_username:/usr/local/cpanel/bin/noshell The "x" specifies that the encrypted password is located in "shadow" in the same folder. 3. an entry is added in /home/my_username/etc/domain.name.com/quota with the user's quota in bytes, like this: email_user:10485760 4. (This is the tricky part) an entry with the encrypted password is added to /home/my_username/etc/domain.name.com/shadow that looks like this: email_user:$1$84AQXJ5s$yLdOVIwo.qYKZlssK6YIb0::::: :: Now, everything between the first : and the line of :::s is the encrypted password. (It's a map table, like passwd, separated by :s.) I can do everything else programmatically, but I can't figure out what CPanel is using to encrypt these passwords. (It's definitely NOT md5.) If I knew that, then that would be the last piece, and I could automatically create accounts for my users. Like I said, I'm not interested in "cracking" their passwords - I only want to generate an encrypted password programmatically. Thanks for any help anyone can provide. -- Isaac Z. Schlueter http://isaacschlueter.com

Thread: Does anyone know how CPanel encrypts email account passwords? View Single Post

Thread: Does anyone know how CPanel encrypts email account passwords?
View Single Post