[Dovecot] password schemes in dovecot
Hey there,
I'm using the latest dovecot 2.1.13
In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it. Is the wiki outdated or how do i get BLF-CRYPT working?
thanks, simon
On 01/26/2013 01:04 AM Public wrote:
Hey there,
I'm using the latest dovecot 2.1.13
In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it. Is the wiki outdated or how do i get BLF-CRYPT working?
Your system's libc doesn't support Blowfish crypt, as mentioned in doveadm-pw(1) http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options.
The crypt-hashes are salted hashes. doveadm pw generates a random
salt, each time it is invoked. Therefore you will see different hashes,
even when you enter the same password multiple times.
Regards, Pascal
The trapper recommends today: defaced.1302700@localdomain.org
Pascal Volk wrote:
On 01/26/2013 01:04 AM Public wrote:
In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not use it. Is the wiki outdated or how do i get BLF-CRYPT working?
Your system's libc doesn't support Blowfish crypt, as mentioned in doveadm-pw(1) http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options.
The crypt-hashes are salted hashes.
doveadm pwgenerates a random salt, each time it is invoked. Therefore you will see different hashes, even when you enter the same password multiple times.
Does the doveadm pw tool provide a way to check a plaintext password against a user's hash from the passdb? This would be useful to do some security checks without actually logging the users in which would update their lastlogin timestamp.
Regards Daniel
On 01/27/2013 11:21 PM Daniel Parthey wrote:
Does the doveadm pw tool provide a way to check a plaintext password against a user's hash from the passdb? …
Check doveadm pw -h output. If it prints "[-t hash]", you can do
something like:
doveadm pw -t '{SHA256-CRYPT}$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi9qrb1jehe7hn4' Enter password to verify: 08/15!test~4711
{SHA256-CRYPT}$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi9qrb1jehe7hn4 (verified)
Regards, Pascal
The trapper recommends today: f007ba11.1302723@localdomain.org
participants (3)
-
Daniel Parthey
-
Pascal Volk
-
Public