<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 2/20/19 5:09 AM, Yassine Chaouche
via dovecot wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d89b3611-a2ec-74bf-5d95-a0d04f94bca5@algerian-radio.dz">
<div class="moz-cite-prefix">On 2/12/19 5:05 PM, Robert Moskowitz
via dovecot wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4a69ae51-bafb-00ed-36d7-6ce2abc4865c@htt-consult.com">
I have been trying to find how to set the dovecot-sql.conf for using
SHA256/512. I am going to start clean with the stronger format,
not migrate from the old MD5. It seems all I need is:<br>
<pre>[...]
default_pass_scheme = SHAxxx-CRYPT
[...]
</pre>
</blockquote>
<p>How do your users change their password?</p>
</blockquote>
<br>
Many never do! Those that do, use the Roundcube plugin, or ask me
to change their password via the Postfixadmin manager. Sigh.<br>
<br>
<blockquote type="cite"
cite="mid:d89b3611-a2ec-74bf-5d95-a0d04f94bca5@algerian-radio.dz">
<p>Here's how I configured my roundcube's password plugin to keep
things together ($roundcubefolder/plugins/password/config.php)<br>
</p>
<pre>$config['password_algorithm'] = 'dovecot';</pre>
<pre>$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';</pre>
<pre>$config['password_dovecotpw_method'] = 'SHA512-CRYPT';</pre>
<pre>$config['password_query'] = "UPDATE mail.users SET password=%P WHERE email=%u LIMIT 1";</pre>
<p>I left other fields alone.<br>
</p>
<p>Yassine.<br>
</p>
</blockquote>
Thanks, much better info than I was seeing in my googling. Except I
would not use %p:<br>
<br>
<pre><span class="c1">// The SQL query used to change the password.</span>
<span class="c1">// The query can contain the following macros that will be expanded as follows:</span>
<span class="c1">// %p is replaced with the plaintext new password</span>
<span class="c1">// %c is replaced with the crypt version of the new password, MD5 if available</span>
<span class="c1">// otherwise DES.</span>
<span class="c1">// %D is replaced with the dovecotpw-crypted version of the new password</span>
<span class="c1">// %o is replaced with the password before the change</span>
<span class="c1">// %n is replaced with the hashed version of the new password</span>
<span class="c1">// %q is replaced with the hashed password before the change</span>
<span class="c1">// %h is replaced with the imap host (from the session info)</span>
<span class="c1">// %u is replaced with the username (from the session info)</span>
<span class="c1">// %l is replaced with the local part of the username</span>
<span class="c1">// (in case the username is an email address)</span>
<span class="c1">// %d is replaced with the domain part of the username</span>
<span class="c1">// (in case the username is an email address)</span>
<span class="c1"></span></pre>
<br>
<br>
%D seems to be what I want...<br>
<br>
And in MySQL, I believe the table is mailbox.<br>
<br>
<pre><span class="nv">$rcmail_config</span><span class="p">[</span><span class="s1">'password_query'</span><span class="p">]</span> <span class="o">=</span> <span class="s2">"UPDATE mailbox SET password = %D, modified = NOW() WHERE username = %u"</span><span class="p">;</span>
</pre>
<br>
I got this from:
<a class="moz-txt-link-freetext" href="https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixadmin-and-roundcube/">https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixadmin-and-roundcube/</a><br>
<br>
thanks!<br>
<br>
<br>
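<p>An added example, not part of the original message and not Dovecot or Roundcube code: a Python check over the stored password column that flags values which are not well-formed SHA512-CRYPT hashes, such as plaintext written by a query using %p, legacy MD5-CRYPT hashes, or a {SCHEME} prefix that disagrees with the hash. The function names and sample rows are constructed for illustration; the digests are filler, not real hashes.</p>

```python
import re

# crypt(3) id -> (Dovecot scheme name, max salt length, digest length)
CRYPT_IDS = {
    "1": ("MD5-CRYPT", 8, 22),
    "5": ("SHA256-CRYPT", 16, 43),
    "6": ("SHA512-CRYPT", 16, 86),
}
B64 = "[./0-9A-Za-z]"
# Optional {SCHEME} prefix, then $id$[rounds=N$]salt$digest
PREFIX_RE = re.compile(r"^\{([A-Za-z0-9.-]+)\}(.*)$", re.S)
CRYPT_RE = re.compile(r"^\$([156])\$(?:rounds=\d+\$)?(%s*)\$(%s+)$" % (B64, B64))


def classify(stored):
    """Return (scheme, problem); problem is None for a well-formed hash."""
    m = PREFIX_RE.match(stored)
    declared, body = (m.group(1).upper(), m.group(2)) if m else (None, stored)
    c = CRYPT_RE.match(body)
    if not c:
        # No crypt(3) structure: what a query using %p would store.
        return (declared, "not a crypt hash (plaintext?)")
    cid, salt, digest = c.groups()
    name, max_salt, digest_len = CRYPT_IDS[cid]
    if len(salt) > max_salt or len(digest) != digest_len:
        return (name, "malformed salt or digest length")
    if declared and declared != name:
        return (name, "prefix {%s} does not match $%s$" % (declared, cid))
    return (name, None)


def audit(rows, wanted="SHA512-CRYPT"):
    """Return {username: reason} for rows that are not valid `wanted` hashes."""
    findings = {}
    for user, stored in rows:
        scheme, problem = classify(stored)
        if problem or scheme != wanted:
            findings[user] = problem or ("scheme is " + scheme)
    return findings


# Constructed sample rows; the digests are filler, not real hashes.
SAMPLE = [
    ("a@example.org", "{SHA512-CRYPT}$6$saltsaltsaltsalt$" + "A" * 86),
    ("b@example.org", "$6$rounds=5000$salt$" + "B" * 86),
    ("c@example.org", "$1$oldsalt$" + "C" * 22),
    ("d@example.org", "hunter2"),
    ("e@example.org", "{SHA512-CRYPT}$1$oldsalt$" + "E" * 22),
]
```

<p>Calling audit(SAMPLE) returns findings for the c, d and e rows only; in practice the rows would come from a SELECT of the username and password columns.</p>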
</body>
</html>