Moving to new password scheme

KSB listeem at ksb.id.lv
Mon Jan 30 21:15:59 UTC 2017


On 2017.01.25. 10:09, Alessio Cecchi wrote:
> Il 24/01/2017 23:29, @lbutlr ha scritto:
>> dovecot is setup on a system with MD5-CRYPT password scheme for all
>> users, and I would like to update this to something that is secure,
>> probably SSHA256-CRYPT, but I want to do this seamlessly without the
>> users having to jump through any hoops.
>>
>> The users are in mySQL (managed via postfixadmin) and the mailbox
>> record simply stores the hash in the password field. Users access
>> their accounts though IMAP MUAs or Roundcube.
>>
>> How would I setup my system so that if a user logs in and still has a
>> $1$ password (MD5-CRYPT) their password will be encoded to the new
>> SHCEME and then the SQL row updated with the $5$ password instead?
>> Something where they are redirected after authentication to a page
>> that forces them to renter their password (or choose a new one) is
>> acceptable.
>>
>> And, while I am here, is it worthwhile to set the -r flag to a large
>> number (like something over 100,000 which sets takes about 0.25
>> seconds to do on my machine)?
>>
> Hi,
>
> you can convert password scheme during the login:
>
> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
>
> Ciao
>

I've done it with nice and short pg's stored procedure.

--
KSB


More information about the dovecot mailing list