On 2/20/19 5:09 AM, Yassine Chaouche via dovecot wrote:
On 2/12/19 5:05 PM, Robert Moskowitz via dovecot wrote:
I have trying to find how to set the dovecot-sql.conf for using
SHA256/512. I am going to start clean with the stronger format, not
migrate from the old MD5. It seems all I need is:
[...] default_pass_scheme = SHAxxx-CRYPT [...]
How do your users change their password ?
Many never do! Those that do, use the Roundcube plugin, or ask me to
change their password via the Postfixadmin manager. Sigh.
Here's how I configured my roundcube's password plugin to keep things
together ($roundcubefolder/plugins/password/config.php)
$config['password_algorithm'] = 'dovecot';
$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';
$config['password_dovecotpw_method'] = 'SHA512-CRYPT';
$config['password_query'] = "UPDATE mail.users SET password=%P WHERE
email=%u LIMIT 1";
I left other fields alone.
Yassine.
Thanks much better info than I was seeing in my googling. Except I
would not use %p:
// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as
follows:
// %p is replaced with the plaintext new password
// %c is replaced with the crypt version of the new password, MD5 if
available
// otherwise DES.
// %D is replaced with the dovecotpw-crypted version of the new password
// %o is replaced with the password before the change
// %n is replaced with the hashed version of the new password
// %q is replaced with the hashed password before the change
// %h is replaced with the imap host (from the session info)
// %u is replaced with the username (from the session info)
// %l is replaced with the local part of the username
// (in case the username is an email address)
// %d is replaced with the domain part of the username
// (in case the username is an email address)
%D seems to be what I want...
And in mysql, I believe the table is mailbox.
$rcmail_config['password_query'] = "UPDATE mailbox SET password = %D, modified =
NOW() WHERE username = %u";
I got from:
https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixadmin-and-roundcube/
thanks!
