Moving to new password scheme

Alessio Cecchi alessio at skye.it
Wed Jan 25 08:09:29 UTC 2017


Il 24/01/2017 23:29, @lbutlr ha scritto:
> dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.
>
> The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts though IMAP MUAs or Roundcube.
>
> How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SHCEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to renter their password (or choose a new one) is acceptable.
>
> And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which sets takes about 0.25 seconds to do on my machine)?
>
Hi,

you can convert password scheme during the login:

http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

Ciao

-- 
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



More information about the dovecot mailing list