[Dovecot] password schemes in dovecot

Daniel Parthey daniel.parthey at informatik.tu-chemnitz.de
Mon Jan 28 00:21:38 EET 2013


Pascal Volk wrote:
> On 01/26/2013 01:04 AM Public wrote:
> > In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes
> > BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it.
> > And i'm unsure about how I am supposed to use the different SHA schemes,
> > since they always output different hashes for the same password. MD5 is
> > working fine, but I'd rather not use it. 
> > Is the wiki outdated or how do i get BLF-CRYPT working?
> 
> Your system's libc doesn't support Blowfish crypt, as mentioned in
> doveadm-pw(1) <http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options>.
> 
> The crypt-hashes are salted hashes. `doveadm pw` generates a random
> salt, each time it is invoked. Therefore you will see different hashes,
> even when you enter the same password multiple times.

Does the doveadm pw tool provide a way to check a plaintext password
against a user's hash from the passdb? This would be useful to do some
security checks without actually logging the users in which would update
their lastlogin timestamp.

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820



More information about the dovecot mailing list