thr3ads.net - dovecot - Changing Password Schemes [Apr 2016]

If this information is useful, please help other people find it:
Share via:

Carl A Jeptha

2016-Apr-29 09:58 UTC

Changing Password Schemes

Good Day,
I have been following this tutorial without much luck - 
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes#CA-26af2b83a43b8100522c57565773f605c21f2f27_1

It is obvious to me that I am not following the instructions correctly 
and need to be shown what I am misunderstanding.

I have an old postfix + dovecot + Roundcube mailserver 
(mail.domain.Tld). Server clock is loosing time and adjusting it causes 
dovecot to kill itself, we cannot install more memory, bigger 
hard-drives, etc.

I have built a new server box (mail2.domain.Tld) With Postfix + dovecot 
+ Roundcube. This server is functioning, with a client's new domain, and 
my personal domain. it's password system is SHA512-CRYPT.

I have imported the users from the old server over to the new server. I 
have created a new column "plain_pass" for the plain passwords.

I will be using imapsync to transfer the mail folders from the one 
server to the other, but will not proceed until I fix this issue.

# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 4.2.0-35-generic x86_64 Ubuntu 15.10 ext4
auth_mechanisms = plain login
first_valid_gid = 8
first_valid_uid = 150
last_valid_gid = 8
last_valid_uid = 150
listen = *
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
namespace inbox {
   inbox = yes
   location    mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix }
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   quota_grace = 10%%
   quota_rule = *:storage=1G
   quota_rule2 = Trash:storage=+100M
   quota_warning = storage=95%% quota-warning 95 %u
   quota_warning2 = storage=80%% quota-warning 80 %u
}
postmaster_address = postmaster at airnet.ca
protocols = imap pop3 lmtp lmtp pop3
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0666
     user = postfix
   }
   unix_listener auth-userdb {
     group = mail
     mode = 0666
     user = vmail
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
service imap-postlogin {
   executable = script-login /usr/local/etc/popafter.sh
   user = $default_internal_user
}
service imap {
   executable = imap imap-postlogin
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service pop3-postlogin {
   executable = script-login /usr/local/etc/popafter.sh
   user = $default_internal_user
}
service pop3 {
   executable = pop3 pop3-postlogin
}
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_cipher_list = 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
   driver = prefetch
}
userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}

-- ------------ You have a good day now, en mag jou m?re ook so wees, 
Carl A Jeptha

Charles Marcus

2016-Apr-29 13:00 UTC

head link

Changing Password Schemes

On 4/29/2016 5:58 AM, Carl A Jeptha <cajeptha at gmail.com>
wrote:> I have an old postfix + dovecot + Roundcube mailserver 
> (mail.domain.Tld). Server clock is loosing time and adjusting it causes 
> dovecot to kill itself, we cannot install more memory, bigger 
> hard-drives, etc.
>
> I have built a new server box
Well, doesn't directly address your question/issue, but...

You know you can fix the server clock problem without building a new
server, right?

Steffen Kaiser

2016-Apr-29 13:02 UTC

head link

Changing Password Schemes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 29 Apr 2016, Carl A Jeptha wrote:
> Good Day,
> I have been following this tutorial without much luck - 
>
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes#CA-26af2b83a43b8100522c57565773f605c21f2f27_1
>
> It is obvious to me that I am not following the instructions correctly and 
> need to be shown what I am misunderstanding.
>
> I have an old postfix + dovecot + Roundcube mailserver (mail.domain.Tld). 
> Server clock is loosing time and adjusting it causes dovecot to kill
itself,
> we cannot install more memory, bigger hard-drives, etc.
>
> I have built a new server box (mail2.domain.Tld) With Postfix + dovecot + 
> Roundcube. This server is functioning, with a client's new domain, and
my
> personal domain. it's password system is SHA512-CRYPT.
>
> I have imported the users from the old server over to the new server. I
have
> created a new column "plain_pass" for the plain passwords.
>
> I will be using imapsync to transfer the mail folders from the one server
to
> the other, but will not proceed until I fix this issue.
Actually, _what_ issue?
> # 2.2.18: /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.8 (0c4ae064f307+)
> # OS: Linux 4.2.0-35-generic x86_64 Ubuntu 15.10 ext4
> auth_mechanisms = plain login
> first_valid_gid = 8
> first_valid_uid = 150
> last_valid_gid = 8
> last_valid_uid = 150
> listen = *
> mail_gid = mail
> mail_location = maildir:/var/vmail/%d/%n
> mail_uid = vmail
> namespace inbox {
>  inbox = yes
>  location >  mailbox Drafts {
>    special_use = \Drafts
>  }
>  mailbox Junk {
>    special_use = \Junk
>  }
>  mailbox Sent {
>    special_use = \Sent
>  }
>  mailbox "Sent Messages" {
>    special_use = \Sent
>  }
>  mailbox Trash {
>    special_use = \Trash
>  }
>  prefix > }
> passdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
> }
> plugin {
>  quota_grace = 10%%
>  quota_rule = *:storage=1G
>  quota_rule2 = Trash:storage=+100M
>  quota_warning = storage=95%% quota-warning 95 %u
>  quota_warning2 = storage=80%% quota-warning 80 %u
> }
> postmaster_address = postmaster at airnet.ca
> protocols = imap pop3 lmtp lmtp pop3
> service auth {
>  unix_listener /var/spool/postfix/private/auth {
>    group = postfix
>    mode = 0666
>    user = postfix
>  }
>  unix_listener auth-userdb {
>    group = mail
>    mode = 0666
>    user = vmail
>  }
> }
> service imap-login {
>  inet_listener imap {
>    port = 143
>  }
>  inet_listener imaps {
>    port = 993
>    ssl = yes
>  }
> }
> service imap-postlogin {
>  executable = script-login /usr/local/etc/popafter.sh
>  user = $default_internal_user
> }
> service imap {
>  executable = imap imap-postlogin
> }
> service pop3-login {
>  inet_listener pop3 {
>    port = 110
>  }
>  inet_listener pop3s {
>    port = 995
>    ssl = yes
>  }
> }
> service pop3-postlogin {
>  executable = script-login /usr/local/etc/popafter.sh
>  user = $default_internal_user
> }
> service pop3 {
>  executable = pop3 pop3-postlogin
> }
> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
> ssl_cipher_list = 
>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> ssl_dh_parameters_length = 2048
> ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
>  driver = prefetch
> }
> userdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
> }
>
> -- ------------ You have a good day now, en mag jou m?re ook so wees, Carl
A
> Jeptha
>
- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVyNbaXz1H7kL/d9rAQIbnQgAyiX9368WmhyTfTY38YfNWTXW/UW/b/0t
PqyEPx/DLLLW60aSkA0NqJa0nKzsoHip8GQfO/ZY3fqdTdep2rW4NbZW6o8/rFwW
dmNTarux25w7dNvRGWrGZiXTnGAlwQtnJTr8wuwqi2JILqPoh1dL1Ubo90ABTERv
G8q2NXgtD4m0a2aJqmyMXRmep8ocMy3IEIg8JZ/xJtmL86d4bP7kagI2yP7viIUx
EY9JSazl/u6iVIrI6jFDuFUfzAs4dr+wcQHhAM0sY8mFUVYFsdjqxCbytLy39q4O
zyj66UNAGR5yAnXAlADJ7G1fIghskFBa82p/t8QCX9VNSvOnuklqGQ==Q4iK
-----END PGP SIGNATURE-----

Carl A Jeptha

2016-Apr-29 13:04 UTC

head link

Changing Password Schemes

Yes, but the machine is very old, can't more memory (maxed out) hard 
drive size maxed out.

But we cannot keep on going plain text password saved in the database, 
that is asking for trouble to happen, which (touch wood) has not 
happened yet.

------------
You have a good day now, en mag jou m?re ook so wees,

Carl A Jeptha

On 2016-04-29 15:00, Charles Marcus wrote:> On 4/29/2016 5:58 AM, Carl A Jeptha <cajeptha at gmail.com> wrote:
>> I have an old postfix + dovecot + Roundcube mailserver
>> (mail.domain.Tld). Server clock is loosing time and adjusting it causes
>> dovecot to kill itself, we cannot install more memory, bigger
>> hard-drives, etc.
>>
>> I have built a new server box
> Well, doesn't directly address your question/issue, but...
>
> You know you can fix the server clock problem without building a new
> server, right?

Carl A Jeptha

2016-Apr-29 13:07 UTC

head link

Changing Password Schemes

converting the passwords in the database from clear/plain text to 
SHA512-CRYPT

------------
You have a good day now, en mag jou m?re ook so wees,

Carl A Jeptha

On 2016-04-29 15:02, Steffen Kaiser wrote:> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 29 Apr 2016, Carl A Jeptha wrote:
>
>> Good Day,
>> I have been following this tutorial without much luck - 
>>
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes#CA-26af2b83a43b8100522c57565773f605c21f2f27_1
>>
>> It is obvious to me that I am not following the instructions 
>> correctly and need to be shown what I am misunderstanding.
>>
>> I have an old postfix + dovecot + Roundcube mailserver 
>> (mail.domain.Tld). Server clock is loosing time and adjusting it 
>> causes dovecot to kill itself, we cannot install more memory, bigger 
>> hard-drives, etc.
>>
>> I have built a new server box (mail2.domain.Tld) With Postfix + 
>> dovecot + Roundcube. This server is functioning, with a client's
new
>> domain, and my personal domain. it's password system is
SHA512-CRYPT.
>>
>> I have imported the users from the old server over to the new server. 
>> I have created a new column "plain_pass" for the plain
passwords.
>>
>> I will be using imapsync to transfer the mail folders from the one 
>> server to the other, but will not proceed until I fix this issue.
>
> Actually, _what_ issue?
>
>> # 2.2.18: /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.8 (0c4ae064f307+)
>> # OS: Linux 4.2.0-35-generic x86_64 Ubuntu 15.10 ext4
>> auth_mechanisms = plain login
>> first_valid_gid = 8
>> first_valid_uid = 150
>> last_valid_gid = 8
>> last_valid_uid = 150
>> listen = *
>> mail_gid = mail
>> mail_location = maildir:/var/vmail/%d/%n
>> mail_uid = vmail
>> namespace inbox {
>>  inbox = yes
>>  location >>  mailbox Drafts {
>>    special_use = \Drafts
>>  }
>>  mailbox Junk {
>>    special_use = \Junk
>>  }
>>  mailbox Sent {
>>    special_use = \Sent
>>  }
>>  mailbox "Sent Messages" {
>>    special_use = \Sent
>>  }
>>  mailbox Trash {
>>    special_use = \Trash
>>  }
>>  prefix >> }
>> passdb {
>>  args = /etc/dovecot/dovecot-sql.conf.ext
>>  driver = sql
>> }
>> plugin {
>>  quota_grace = 10%%
>>  quota_rule = *:storage=1G
>>  quota_rule2 = Trash:storage=+100M
>>  quota_warning = storage=95%% quota-warning 95 %u
>>  quota_warning2 = storage=80%% quota-warning 80 %u
>> }
>> postmaster_address = postmaster at airnet.ca
>> protocols = imap pop3 lmtp lmtp pop3
>> service auth {
>>  unix_listener /var/spool/postfix/private/auth {
>>    group = postfix
>>    mode = 0666
>>    user = postfix
>>  }
>>  unix_listener auth-userdb {
>>    group = mail
>>    mode = 0666
>>    user = vmail
>>  }
>> }
>> service imap-login {
>>  inet_listener imap {
>>    port = 143
>>  }
>>  inet_listener imaps {
>>    port = 993
>>    ssl = yes
>>  }
>> }
>> service imap-postlogin {
>>  executable = script-login /usr/local/etc/popafter.sh
>>  user = $default_internal_user
>> }
>> service imap {
>>  executable = imap imap-postlogin
>> }
>> service pop3-login {
>>  inet_listener pop3 {
>>    port = 110
>>  }
>>  inet_listener pop3s {
>>    port = 995
>>    ssl = yes
>>  }
>> }
>> service pop3-postlogin {
>>  executable = script-login /usr/local/etc/popafter.sh
>>  user = $default_internal_user
>> }
>> service pop3 {
>>  executable = pop3 pop3-postlogin
>> }
>> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
>> ssl_cipher_list = 
>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>> ssl_dh_parameters_length = 2048
>> ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
>> ssl_prefer_server_ciphers = yes
>> ssl_protocols = !SSLv2 !SSLv3
>> userdb {
>>  driver = prefetch
>> }
>> userdb {
>>  args = /etc/dovecot/dovecot-sql.conf.ext
>>  driver = sql
>> }
>>
>> -- ------------ You have a good day now, en mag jou m?re ook so wees, 
>> Carl A Jeptha
>>
>
> - -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBVyNbaXz1H7kL/d9rAQIbnQgAyiX9368WmhyTfTY38YfNWTXW/UW/b/0t
> PqyEPx/DLLLW60aSkA0NqJa0nKzsoHip8GQfO/ZY3fqdTdep2rW4NbZW6o8/rFwW
> dmNTarux25w7dNvRGWrGZiXTnGAlwQtnJTr8wuwqi2JILqPoh1dL1Ubo90ABTERv
> G8q2NXgtD4m0a2aJqmyMXRmep8ocMy3IEIg8JZ/xJtmL86d4bP7kagI2yP7viIUx
> EY9JSazl/u6iVIrI6jFDuFUfzAs4dr+wcQHhAM0sY8mFUVYFsdjqxCbytLy39q4O
> zyj66UNAGR5yAnXAlADJ7G1fIghskFBa82p/t8QCX9VNSvOnuklqGQ=> =Q4iK
> -----END PGP SIGNATURE-----

Reasonably Related Threads

Search for more possibly parallel threads

dovecot - Apr 2016 - Changing Password Schemes

Changing Password Schemes

Changing Password Schemes

Changing Password Schemes

Changing Password Schemes

Changing Password Schemes

Reasonably Related Threads