[Dovecot] Change password scheme
We want to update our password scheme from crypt to SHA256.
Because usernames/passwords are in MySQL I thought this wouldn't be a problem. We have about 3000 users that need to be updated, so making a new password for them isn't possible. I was thinking of an automated script that would update the database after every login.
So we did this:
dovecot.conf:
mail_executable = /usr/local/etc/updatepwd.sh
updatepwd.sh:
#!/bin/sh
$USER $PASSWORD|/usr/local/etc/do_updatepwd.pl
exec /usr/local/libexec/dovecot/imap "$@"
(do_updatepwd.pl is a Perl script that makes a sha256 from the second argument, and then updates the mysql-query)
However: the password is not in the ENVIRONMENT anymore. I changed in dovecot the settings:
auth_debug = yes
auth_debug_passwords = yes
Does anyone have a solution for this?
Best regards, Pascal
On 22.3.2011, at 15.20, Pascal Nobus wrote:
> We want to update our password scheme from crypt to SHA256.
> Because usernames/passwords are in MySQL I thought this wouldn't be a problem.
So that'd be passdb and userdb sql.
> However: the password is not in the ENVIRONMENT anymore.
Use passdb sql + userdb prefetch: http://wiki.dovecot.org/UserDatabase/Prefetch
Then have
password_query = select '%w' as userdb_password, ...
and now you'll have $PASSWORD environment. You could maybe also do this all by creating a mysql function that compares and updates the password directly, i.e:
password_query = select check_password('%u', '%w')
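Added example, not part of the original thread and not Dovecot's own code: one way the post-login wrapper could build the database update once $PASSWORD is available as described above. The table and column names (users, username, password), the database name (mail), the option file path and the {SHA256.hex} encoding are assumptions.

```sh
#!/bin/sh
# Added example. Assumed names: table "users", columns "username" and
# "password", database "mail", option file /usr/local/etc/updatepwd.cnf.

# Hex-encode stdin (lowercase, no separators).
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# Dovecot-style hash string for a plaintext password. The password is fed
# through a pipe by the shell's builtin printf, so it never appears in the
# argument list of an external process (argv is visible in ps).
dovecot_sha256_hex() {
    digest=$(printf '%s' "$1" | sha256sum | cut -d' ' -f1)
    printf '{SHA256.hex}%s' "$digest"
}

# Build the UPDATE statement. The login name comes from the client, so it is
# sent as a hex literal and decoded by MySQL's UNHEX(); no quote character
# from the username can reach the SQL text. The hash itself is hex only.
# Rows that already carry a SHA256 hash are left untouched.
build_update() {
    user_hex=$(printf '%s' "$1" | to_hex)
    hash=$(dovecot_sha256_hex "$2")
    printf "UPDATE users SET password='%s' WHERE username=UNHEX('%s') AND password NOT LIKE '{SHA256%%';\n" \
        "$hash" "$user_hex"
}

# Wrapper body: Dovecot starts mail_executable only after a successful login,
# so $PASSWORD is the verified plaintext. It is removed from the environment
# before the IMAP process replaces this shell.
wrapper_main() {
    if [ -n "${PASSWORD:-}" ]; then
        build_update "$USER" "$PASSWORD" |
            mysql --defaults-extra-file=/usr/local/etc/updatepwd.cnf mail
    fi
    unset PASSWORD
    exec /usr/local/libexec/dovecot/imap "$@"
}
# The installed wrapper would end with:  wrapper_main "$@"
```

The MySQL credentials live in the option file rather than on the command line, for the same reason the password is piped instead of passed as an argument.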
Participants (2): Pascal Nobus, Timo Sirainen