[Dovecot] adding users to passwd-file
Is there a tool equivalent to the system "passwd" command (or maybe "adduser" or "useradd") that can support a passwd-file by setting a password, encrypting it with the salted MD5 scheme? The system "passwd" command doesn't have an option to "do it to this alternate file instead of /etc/shadow".
Phil Howard <ttiphil@gmail.com> (Mon 26 Apr 2010 22:31:45 CEST):
> Is there a tool equivalent to the system "passwd" command (or maybe "adduser" or "useradd") that can support a passwd-file by setting a password, encrypting it with the salted MD5 scheme? The system "passwd" command doesn't have an option to "do it to this alternate file instead of /etc/shadow".
Some people use „htpasswd“, but there no password scheme is coded into the password hash.
It's not clear what you're seeking - some tool for generating the hashed string (e.g. „openssl passwd -1 "$cleartext"“) or some tool for managing the entries in the (dovecot) password file.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
On Mon, Apr 26, 2010 at 4:38 PM, Heiko Schlittermann <hs@schlittermann.de> wrote:
> Some people use „htpasswd“, but there no password scheme is coded into the password hash.
> It's not clear what you're seeking - some tool for generating the hashed string (e.g. „openssl passwd -1 "$cleartext"“) or some tool for managing the entries in the (dovecot) password file.
I left it vague to handle some variety. Something to add/delete users is nice. Something to change password in place is nice. Something that given a user and plain text password and everything else Dovecot needs when using it as userdb, and would output to stdout the line contents that would go into the file, would do the job.
I want to avoid re-inventing the wheel. If there are no wheels, I guess I'll just look up the salted-MD5 format details and do it.
On Mon, April 26, 2010 1:46 pm, Phil Howard wrote:
> On Mon, Apr 26, 2010 at 4:38 PM, Heiko Schlittermann <hs@schlittermann.de> wrote:
> > Some people use htpasswd, but there no password scheme is coded into the password hash.
> > It's not clear what you're seeking - some tool for generating the hashed string (e.g. openssl passwd -1 "$cleartext") or some tool for managing the entries in the (dovecot) password file.
> I left it vague to handle some variety. Something to add/delete users is nice. Something to change password in place is nice. Something that given a user and plain text password and everything else Dovecot needs when using it as userdb, and would output to stdout the line contents that would go into the file, would do the job.
> I want to avoid re-inventing the wheel. If there are no wheels, I guess I'll just look up the salted-MD5 format details and do it.
Here's a little perl script you can start with for creating the MD5 salted password (slightly modified from something I found on the net a couple of years ago):
#!/usr/bin/perl -wl
use strict;

use Crypt::PasswdMD5 qw(unix_md5_crypt);
my @salt = ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' );

# take clear-text password as argument:
my $password = shift || die "usage: $0 password";

my %encrypted;

# generate md5 password
$encrypted{md5} = unix_md5_crypt( $password, gensalt(8) );

print "$_ $encrypted{$_}" for sort keys %encrypted;

# uses global @salt to construct salt string of requested length
sub gensalt {
    my $count = shift;

    my $salt;
    for (1..$count) {
        $salt .= (@salt)[rand @salt];
    }

    return $salt;
}
You will need to have the Crypt::PasswdMD5 perl module installed to use this.
Bill
Where can I find documentation on this command? There is no "man dovecotpw" installed, and searching for "dovecotpw" on the wiki gives 4 pages that mention its existence.
Just executing the command with no options gives a password prompt that cannot be broken out of (had to kill from another terminal). The -h and -l options give some info, but not enough to plan how to integrate this into building the passdb/userdb. For example how to reference the appropriate file.
marconi/root/x0 /root 72# /usr/sbin/dovecotpw -h
/usr/sbin/dovecotpw: invalid option -- 'h'
usage: dovecotpw [-l] [-p plaintext] [-s scheme] [-u user] [-V]
    -l            List known password schemes
    -p plaintext  New password
    -s scheme     Password scheme
    -u user       Username (if scheme uses it)
    -V            Internally verify the hash
marconi/root/x0 /root 73# /usr/sbin/dovecotpw -l
CRYPT MD5 MD5-CRYPT SHA SHA1 SHA256 SMD5 SSHA PLAIN CLEARTEXT CRAM-MD5 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA
marconi/root/x0 /root 74#
On Mon, Apr 26, 2010 at 5:16 PM, Mike Abbott <michael.abbott@apple.com> wrote:
> > Is there a tool equivalent to the system "passwd" command
> The dovecotpw command may be a good place to start.
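
Added example, not written by anyone in this thread: shell functions that add, replace or delete one entry in a Dovecot passwd-file, taking a hash already produced by dovecotpw or openssl passwd -1 as discussed above. The function names and the sample uid, gid and home values are assumptions; the entry layout is Dovecot's passwd-file format user:password:uid:gid:gecos:home:shell:extra_fields.

```shell
#!/bin/sh
# Added example: manage entries in a Dovecot passwd-file.
# Entry layout: user:password:uid:gid:gecos:home:shell:extra_fields
# The password field is a ready-made hash with its scheme prefix, e.g.
# what `dovecotpw -s MD5-CRYPT` prints after prompting for the password.

NL='
'

# Reject values containing ':' or a newline: either one would shift
# columns or smuggle a second entry into the file.
pwfile_check() {
    for field in "$@"; do
        case $field in
            *:*|*"$NL"*) echo "pwfile: illegal character in field" >&2; return 1 ;;
        esac
    done
}

# pwfile_rewrite FILE USER [ENTRY]: copy FILE without USER's entry, append
# ENTRY if given, then rename over FILE so readers never see a partial file.
# mktemp creates the copy owner-only (0600); the Dovecot auth process must
# still be able to read the result.
pwfile_rewrite() {
    tmp=$(mktemp "$(dirname -- "$1")/.pwfile.XXXXXX") || return 1
    (
        if [ -f "$1" ]; then
            # ENVIRON avoids awk -v escape processing; "" forces string compare
            U=$2 awk -F: '($1 "") != (ENVIRON["U"] "")' "$1" || exit 1
        fi
        if [ -n "${3-}" ]; then printf '%s\n' "$3"; fi
    ) > "$tmp" && mv -f -- "$tmp" "$1" || { rm -f -- "$tmp"; return 1; }
}

# pwfile_set FILE USER HASH UID GID HOME: add the user or replace its entry.
pwfile_set() {
    [ -n "$2" ] && [ -n "$3" ] || { echo "pwfile: user and hash required" >&2; return 1; }
    pwfile_check "$2" "$3" "$4" "$5" "$6" || return 1
    pwfile_rewrite "$1" "$2" "$2:$3:$4:$5::$6::"
}

# pwfile_del FILE USER: remove the user's entry.
pwfile_del() {
    pwfile_check "$2" && pwfile_rewrite "$1" "$2"
}
```

Because these are shell functions rather than separate programs, the hash passed to pwfile_set does not show up in the process list; only the username reaches awk, through its environment.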