On 04/01/2014 08:56 AM, Dwain Blazej wrote:
> I'm writing some code for Posty, a Postfix and Dovecot Administration App. One way to support all of Dovecot's password hashes is to have "dovecot pw" do the work; however, I don't want to run the web-facing Posty as root or the same user as Dovecot.
> Is the output of "dovecot pw" affected by the contents of the configuration files? What in the configuration file does "dovecot pw" require to operate?
> I personally care about SHA512-crypt support, so I just called an outside library to generate the hash. However, others might want to use a different scheme, or Dovecot might not have support for SHA512-crypt on other systems (I think Mac OS X is an example). Hence the elegance of using dovecot pw to do all the work. If a normal user can call dovecot pw, then I'll add back in that code.
Well, if you're using an external library for one scheme, you may just as well use your own code for other schemes. For example:
require 'digest'
require 'base64'

# secret = plaintext password, salt = random salt bytes
hash = '{SSHA512.b64}' + Base64.strict_encode64( Digest::SHA512.digest("#{secret}#{salt}") + salt )
IMO there's no need to call an external program for this.