[Dovecot] Migarting password scheme
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Fri Mar 22 13:59:53 EET 2013
Zitat von Timo Sirainen <tss at iki.fi>:
> On 21.3.2013, at 18.51, lst_hoe02 at kwsoft.de wrote:
>
>> Hello,
>>
>> by the move to Dovecot we try to alter the password encryption
>> stored in the database from MD5 to CRYPT-SHA256 along the Guide at
>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. It's mostly
>> working but i still have not found out how to pass the cleartext
>> password to the re-encrypting script. According to the HowTo it
>> should be enough to add "'%w' AS userdb_plain_pass" to the passdb
>> query, to get a environment variable $PLAIN_PASS in the post-login
>> script to pass along.
>> This does not work eg. PLAIN_PASS is always empty. This is Dovecot
>> 2.0.19 from Ubuntu 12.04 LTS.
>
> userdb_plain_pass method requires that you use userdb prefetch.
>
> And Daryl's method of using %w in regular userdb .. I'm not really
> sure how well that works. Could easily be that different Dovecot
> versions behave differently.
Hello,
with "userdb prefetch" it works. Sorry it was not clear to me that
userdb prefetch *must* be used to get *this* userdb setting to work.
Maybe it should be listed at
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. Furthermore the
example listed there does a migration from CRYPT to SHA256 (salted)
but not CRYPT-SHA256 which is recommended, no?
Regards
Andreas
More information about the dovecot
mailing list