On 2025-11-10 09:15, Aki Tuomi via dovecot wrote:
Also the very next line in the very same documentation says:
Dovecot uses libc's crypt() function, which means that CRYPT is usually able to recognize MD5-CRYPT and possibly also other password schemes. See all of the *-CRYPT schemes at the top of this page.
This is true. I still found it confusing. Why mention DES crypt at all? There is a separate DES-CRYPT entry/scheme anyway.
I'd change it like so:
CRYPT
Password is encrypted.
Dovecot uses libc's crypt() function, which means that it is able to recognize
all password schemes available on your system (e.g. the ones used in /etc/passwd)
The second part should be moved to the DES-CRYPT section:
DES-CRYPT
Traditional DES based hash.
The DES-crypt scheme only uses the first 8 characters of the password, the rest is ignored. Other schemes may have other password length limitations (if they limit the password length at all).
Changed: 2.4.0
Disabled by default.
Do you accept a PR? I'd love to propose above changes to the documentation.
Actually the default for passwd-file is CRYPT.
passdb_passwd_file { passdb_default_password_scheme = CRYPT }
but not sure why it's not working correctly, so this is a bug.
Thanks for the info. I am not happy with a bug, but with the fact that PLAIN is not the default. ;-)
Cheers, K. C.