Pascal Volk wrote:
On 01/26/2013 01:04 AM Public wrote:
In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it. Is the wiki outdated or how do i get BLF-CRYPT working?
Your system's libc doesn't support Blowfish crypt, as mentioned in doveadm-pw(1) <http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options>.
The crypt-hashes are salted hashes.
doveadm pw
generates a random salt, each time it is invoked. Therefore you will see different hashes, even when you enter the same password multiple times.
Does the doveadm pw tool provide a way to check a plaintext password against a user's hash from the passdb? This would be useful to do some security checks without actually logging the users in which would update their lastlogin timestamp.