doveadm pw generates different hash each time it is invoked !?

reik red reikred at gmail.com
Sat Dec 20 05:55:51 UTC 2014


I am absolutely dumbfounded by "doveadm pw". My understanding is that
the command should be used to create a hashed password that should in
turn be placed into /etc/dovecot/passwd

Here comes the "dumbfounded" part. I was creating a new virtual user,
running doveadm pw to generate the hashed password. But when I tried to
login via imap, the password was rejected. So I started checking that I
had populated /etc/dovecot/passwd with the correct values, and in the
process I ran "doveadm pw" again to make certain I had not accidentally
pasted the wrong value along with a username.

(I'm re-submittting after setting up a subscription, so I don't have to wait for the moderator)
,
What happened next surprised me greatly: if I specify "-s ssha", the
resulting hashed password changes each time I invoke "doveadm pw", but
if I do not specify the hashing method, I get the same password each time (as I
expect). What on earth is going on here? There must be something
fundamental that I am missing.

==============================================
Illustrative example:

machine(user) 6136 > doveadm pw -u joebob
Enter new password:
Retype new password:
{CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b

machine(user) 6137 > doveadm pw -u joebob
Enter new password:
Retype new password:
{CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b
#SAME, as expected

machine(user) > doveadm pw -u glorg
Enter new password:
Retype new password:
{CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b
#another surprising behavior: The (virtual) username specified does not affect the hash!!!

machine(user) 6138 > doveadm pw -u joebob -s ssha
Enter new password:
Retype new password:
{SSHA}AtjINkQra967qIhU6khRED4U1x3aKwDi

machine(user) 6139 > doveadm pw -u joebob -s ssha
Enter new password:
Retype new password:
{SSHA}fZiFlHPKDn6ESM/gnUIcjJ14hRlH10DV
# DIFFERENT, very unexpected

==============================================

I'm on fedora 19, using dovecot.x86_64 version 1:2.2.15-1.fc19 per yum.



More information about the dovecot mailing list