On 05/07/2010 08:16 PM Phil Howard wrote:> I've decided that having users supply cleartext passwords for me to
encrypt
> and encode is a bad idea, anyway. So maybe I won't need dovecotpw.
The
> idea is that users supply an already-encrypted password. Most of the users
> can fetch their login password from /etc/shadow on their own computer.
>
> Wiki page http://wiki.dovecot.org/Authentication/PasswordSchemes indicates
> that scheme name CRYPT is the one that uses the libc crypt() function. But
> it also says it uses no more than 8 characters. Then there is MD5-CRYPT.
> But that doesn't call crypt(), I presume. No limit on password size is
> indicated. But this at least looks like SOME of the encrypted passwords I
> have.
>
> Other passwords I have have ids indicating SHA-256 and SHA-512. Here is an
> example from /etc/shadow that encrypted the clear password
> "dovecotandpostfix" (in case it is necessary to test it):
>
>
$6$IwZzpjjj$p1VrkxQmgmTED8iQnQrV3sVEZpBmw2N8oD1ykOguXB5tf8aahICesX0TF6.VMThIW2QFs1buHjT3eDtnaAFhF1
>
> The big question is, what scheme name should I use for these passwords? I
> can, of course, consider the id (6 in the above example, suggesting
SHA-512)
> if there is one (so far all are like this). But the other consideration is
> most of the passwords are longer than 8, some longer than 12, characters.
> So apparently CRYPT can't be used in those cases (so I can't have
the
> automatic identification of crypt() to detect the scheme).
>
> What scheme would I use for the various passwords? What scheme would be
> used for the above example for starters? What if the id is 5 or 1 (the
ones
> documented for the crypt() call)?
>
{CRYPT}, for SHA-256 and SHA-512. If your {,g}libc supports it, Dovecot
can use it.
Regards,
Pascal
--
The trapper recommends today: fabaceae.1012721 at localdomain.org