[Dovecot] [PATCH] Allow verification of user's hash in doveadm-pw
Hi,
It may be useful for testing purpose to know if a generated password hash correspond to a given clear password. This can be useful to check if a hash generated by another program can be verified by Dovecot without any errors.
This patch adds the ability the verify a password hash using doveadm pw via the -V option.
$ doveadm pw -s SSHA.hex Enter new password: Retype new password: {SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c
$ doveadm pw -s SSHA.hex -V{SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c Enter new password: Retype new password: {SSHA.HEX}4fdf801f57870fb624bee60895c2308187837dfb3987ca06 (verified)
When the user specify a hash, it is checked in place of the usual verification process. This works with all schemes. Just be sure to escape special characters or use simple quotes.
$ doveadm pw -s MD5-CRYPT -V'{MD5-CRYPT}$1$R7thDyN.$E0G0czPE/h4S0Hn/b5oVW1'
Enter new password:
Retype new password:
{MD5-CRYPT}$1$rp8nVSqq$gDAPM5iqv1yhBoDZIWsQ4/ (verified)Lets print a failed check:
doveadm pw -s CRYPT -V{CRYPT}/uuE/AAAAAAAA
Enter new password:
Retype new password:
reverse password verification check failedFYI the word used for those test cases was "password".
Regards,
Jimmy Thrasibule spack.world@gmail.com
On 09/01/2011 01:17 AM, Spack wrote:
Hi,
It may be useful for testing purpose to know if a generated password hash correspond to a given clear password. This can be useful to check if a hash generated by another program can be verified by Dovecot without any errors.
This patch adds the ability the verify a password hash using
doveadm pwvia the-Voption.
Committed, with a few changes: http://hg.dovecot.org/dovecot-2.1/rev/fffa4d53e901
- while ((ch = getopt(argc, argv, "lp:r:s:u:V::")) != -1) {
"::" isn't standard, so I added a separate -t parameter to give the hash.
participants (2)
-
Spack
-
Timo Sirainen