Does anyone know how CPanel encrypts email account passwords?

IsaacSchlueter · 10-09-2005, 17:46

First of all, before any admins get upset, I am NOT talking about or even thinking about cracking anyone's password, or doing anything else illegal or even mildly immoral (yes, I've read the forum rules.)

I am building a community portal site, and would like to create email accounts that my users can access. However, I don't want to have to create an account manually for each person. So, that means building a script that automagically creates the email account when a new user signs up. I have CPanel installed on this domain, and I've almost figured out how to do this, but I'm running into a bit of a snag.

If my CPanel username is "my_username", and I'm administrating the domain "domain.name.com", and creating an email address for "email_username@domain.name.com", then CPanel stores the email account in the folowing way:

1. A file is created at /home/my_username/mail/domain.name.com/email_username/inbox that holds their messages. (Horde also creates INBOX.sent, INBOX.drafts, INBOX.trash, and files for any other mailboxes that the user creates.)

2. An entry is added in /home/my_username/etc/domain.name.com/passwd file that looks like this:
email_username:x:32007:32008::/home/my_username/mail/domain.name.com/email_username:/usr/local/cpanel/bin/noshell
The "x" specifies that the encrypted password is located in "shadow" in the same folder.

3. an entry is added in /home/my_username/etc/domain.name.com/quota with the user's quota in bytes, like this:
email_user:10485760

4. (This is the tricky part) an entry with the encrypted password is added to /home/my_username/etc/domain.name.com/shadow that looks like this:
email_user:$1$84AQXJ5s$yLdOVIwo.qYKZlssK6YIb0::::: ::
Now, everything between the first : and the line of :::s is the encrypted password. (It's a map table, like passwd, separated by :s.)

I can do everything else programmatically, but I can't figure out what CPanel is using to encrypt these passwords. (It's definitely NOT md5.) If I knew that, then that would be the last piece, and I could automatically create accounts for my users. Like I said, I'm not interested in "cracking" their passwords - I only want to generate an encrypted password programmatically.

Thanks for any help anyone can provide.

--
Isaac Z. Schlueter
http://isaacschlueter.com

**monaghan** · 10-09-2005, 18:13

Why not just call the create email account page in cpanel ? I'm almost certain I've seen this done before, perhaps try the cpanel forums.

10-09-2005, 17:46	#1 (permalink)
IsaacSchlueter Newbie Join Date: Sep 2005 Posts: 1 iTrader: 0 / 0%	Does anyone know how CPanel encrypts email account passwords? First of all, before any admins get upset, I am NOT talking about or even thinking about cracking anyone's password, or doing anything else illegal or even mildly immoral (yes, I've read the forum rules.) I am building a community portal site, and would like to create email accounts that my users can access. However, I don't want to have to create an account manually for each person. So, that means building a script that automagically creates the email account when a new user signs up. I have CPanel installed on this domain, and I've almost figured out how to do this, but I'm running into a bit of a snag. If my CPanel username is "my_username", and I'm administrating the domain "domain.name.com", and creating an email address for "email_username@domain.name.com", then CPanel stores the email account in the folowing way: 1. A file is created at /home/my_username/mail/domain.name.com/email_username/inbox that holds their messages. (Horde also creates INBOX.sent, INBOX.drafts, INBOX.trash, and files for any other mailboxes that the user creates.) 2. An entry is added in /home/my_username/etc/domain.name.com/passwd file that looks like this: email_username:x:32007:32008::/home/my_username/mail/domain.name.com/email_username:/usr/local/cpanel/bin/noshell The "x" specifies that the encrypted password is located in "shadow" in the same folder. 3. an entry is added in /home/my_username/etc/domain.name.com/quota with the user's quota in bytes, like this: email_user:10485760 4. (This is the tricky part) an entry with the encrypted password is added to /home/my_username/etc/domain.name.com/shadow that looks like this: email_user:$1$84AQXJ5s$yLdOVIwo.qYKZlssK6YIb0::::: :: Now, everything between the first : and the line of :::s is the encrypted password. (It's a map table, like passwd, separated by :s.) I can do everything else programmatically, but I can't figure out what CPanel is using to encrypt these passwords. (It's definitely NOT md5.) If I knew that, then that would be the last piece, and I could automatically create accounts for my users. Like I said, I'm not interested in "cracking" their passwords - I only want to generate an encrypted password programmatically. Thanks for any help anyone can provide. -- Isaac Z. Schlueter http://isaacschlueter.com

10-09-2005, 18:13	#2 (permalink)
monaghan Super Moderator Join Date: Mar 2005 Location: Herts, UK Posts: 1,026 iTrader: 1 / 100%	Why not just call the create email account page in cpanel ? I'm almost certain I've seen this done before, perhaps try the cpanel forums. __________________ Alex Monaghan - Monaghan Consultants Ltd Web hosting, ADSL, IT & Database consultancy Custom Web hosting on UK or USA servers using Linux (cPanel) or Windows (DotNetPanel) Mobile Phone Ringtones, Logos, Java Games & more

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
IRCD account location?	Goster	Hosting Forum	2	07-08-2008 07:39
hostgator, reseller account	benf	Hosting Forum	10	28-03-2007 11:46
Account Upgrades	Wistow	Forum Announcements	3	05-05-2005 17:32

Does anyone know how CPanel encrypts email account passwords?

Does anyone know how CPanel encrypts email account passwords?

Similar Threads