On 2/20/19 5:09 AM, Yassine Chaouche via dovecot wrote:
On 2/12/19 5:05 PM, Robert Moskowitz via dovecot wrote:
I have trying to find how to set the dovecot-sql.conf for using SHA256/512. I am going to start clean with the stronger format, not migrate from the old MD5. It seems all I need is: [...] default_pass_scheme = SHAxxx-CRYPT [...]
How do your users change their password ?
Many never do! Those that do, use the Roundcube plugin, or ask me to change their password via the Postfixadmin manager. Sigh.
Here's how I configured my roundcube's password plugin to keep things together ($roundcubefolder/plugins/password/config.php)
$config['password_algorithm'] = 'dovecot'; $config['password_algorithm_prefix'] = '{SHA512-CRYPT}'; $config['password_dovecotpw_method'] = 'SHA512-CRYPT'; $config['password_query'] = "UPDATE mail.users SET password=%P WHERE email=%u LIMIT 1";
I left other fields alone.
Yassine.
Thanks much better info than I was seeing in my googling. Except I would not use %p:
// The SQL query used to change the password. // The query can contain the following macros that will be expanded as follows: // %p is replaced with the plaintext new password // %c is replaced with the crypt version of the new password, MD5 if available // otherwise DES. // %D is replaced with the dovecotpw-crypted version of the new password // %o is replaced with the password before the change // %n is replaced with the hashed version of the new password // %q is replaced with the hashed password before the change // %h is replaced with the imap host (from the session info) // %u is replaced with the username (from the session info) // %l is replaced with the local part of the username // (in case the username is an email address) // %d is replaced with the domain part of the username // (in case the username is an email address)
%D seems to be what I want...
And in mysql, I believe the table is mailbox.
$rcmail_config['password_query'] = "UPDATE mailbox SET password = %D, modified = NOW() WHERE username = %u";
I got from: https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixad...
thanks!