[Dovecot] Using dovecot with wordpress/phpass passwords?

Joan aseques at gmail.com
Thu Mar 17 13:01:08 EET 2011


To sum up:

>> Wordpress and others are using phpass to authenticate
>> (http://www.openwall.com/phpass/), it is basically a salted md5 hash.
>> Basically, after the process, a hash like this is obtained.
>>
>>  $P$BiWISc3IsqRHxeEjq4VJP1Vi8gy4mg1 (for test123 password)
>>
>> I would like to know if dovecot would be able to read this,
>
> It can't. But if you're using Openwall, apparently its crypt() supports
> this and Dovecot doesn't need to.
Unfortunately, that stuff isn't include in any major distribution, had
to look on the other options
>
>> I could still make a custom checkpassword function but that would be
>> non-optimal.
I created a checkpass script to verify the passwords. For anyone
looking for this, I got some good information here:

.- Implementation of custom checkpassword in perl, with a sample testing script:
http://wiki.qpsmtpd.org/plugins:auth:authcheckpassword

.- Phpass implementation for perl
http://search.cpan.org/~zefram/Authen-Passphrase/lib/Authen/Passphrase/PHPass.pm

For the dovecot part, just add in the passdb section from dovecot.conf this:

  passdb checkpassword {
    args = /etc/dovecot/checkpassword.pl
  }


More information about the dovecot mailing list