doveadm pw generates different hash each time it is invoked !?
I am absolutely dumbfounded by "doveadm pw". My understanding is that the command should be used to create a hashed password that should in turn be placed into /etc/dovecot/passwd
Here comes the "dumbfounded" part. I was creating a new virtual user, running doveadm pw to generate the hashed password. But when I tried to login via imap, the password was rejected. So I started checking that I had populated /etc/dovecot/passwd with the correct values, and in the process I ran "doveadm pw" again to make certain I had not accidentally pasted the wrong value along with a username.
(I'm re-submittting after setting up a subscription, so I don't have to wait for the moderator) , What happened next surprised me greatly: if I specify "-s ssha", the resulting hashed password changes each time I invoke "doveadm pw", but if I do not specify the hashing method, I get the same password each time (as I expect). What on earth is going on here? There must be something fundamental that I am missing.
============================================== Illustrative example:
machine(user) 6136 > doveadm pw -u joebob Enter new password: Retype new password: {CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b
machine(user) 6137 > doveadm pw -u joebob Enter new password: Retype new password: {CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b #SAME, as expected
machine(user) > doveadm pw -u glorg Enter new password: Retype new password: {CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b #another surprising behavior: The (virtual) username specified does not affect the hash!!!
machine(user) 6138 > doveadm pw -u joebob -s ssha Enter new password: Retype new password: {SSHA}AtjINkQra967qIhU6khRED4U1x3aKwDi
machine(user) 6139 > doveadm pw -u joebob -s ssha Enter new password: Retype new password: {SSHA}fZiFlHPKDn6ESM/gnUIcjJ14hRlH10DV # DIFFERENT, very unexpected
==============================================
I'm on fedora 19, using dovecot.x86_64 version 1:2.2.15-1.fc19 per yum.
Hi there,
if you are getting different results on each invocation of the hash function, you might have selected a salted hashing function which generates a random salt. When you provide the same salt, you should get the same result for the same input, but when you omit the salt, it generates a random one for you.
Regards Daniel
participants (2)
-
Daniel Parthey
-
reik red