To sum up: >> Wordpress and others are using phpass to authenticate >> (http://www.openwall.com/phpass/), it is basically a salted md5 hash. >> Basically, after the process, a hash like this is obtained. >> >> $P$BiWISc3IsqRHxeEjq4VJP1Vi8gy4mg1 (for test123 password) >> >> I would like to know if dovecot would be able to read this, > > It can't. But if you're using Openwall, apparently its crypt() supports > this and Dovecot doesn't need to. Unfortunately, that stuff isn't include in any major distribution, had to look on the other options > >> I could still make a custom checkpassword function but that would be >> non-optimal. I created a checkpass script to verify the passwords. For anyone looking for this, I got some good information here:
.- Implementation of custom checkpassword in perl, with a sample testing script: http://wiki.qpsmtpd.org/plugins:auth:authcheckpassword .- Phpass implementation for perl http://search.cpan.org/~zefram/Authen-Passphrase/lib/Authen/Passphrase/PHPass.pm For the dovecot part, just add in the passdb section from dovecot.conf this: passdb checkpassword { args = /etc/dovecot/checkpassword.pl }
