Spack
2011-Aug-31 22:17 UTC
[Dovecot] [PATCH] Allow verification of user's hash in doveadm-pw
Hi,
It may be useful for testing purpose to know if a generated password
hash correspond to a given clear password. This can be useful to check
if a hash generated by another program can be verified by Dovecot
without any errors.
This patch adds the ability the verify a password hash using `doveadm
pw` via the `-V` option.
??? $ doveadm pw -s SSHA.hex
??? Enter new password:
??? Retype new password:
??? {SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c
??? $ doveadm pw -s SSHA.hex
-V{SSHA.HEX}58b910d947c60b35be3e12b0d9897c1f87dfa450e6d5a75c
??? Enter new password:
??? Retype new password:
??? {SSHA.HEX}4fdf801f57870fb624bee60895c2308187837dfb3987ca06 (verified)
When the user specify a hash, it is checked in place of the usual
verification process. This works with all schemes. Just be sure to
escape special characters or use simple quotes.
$ doveadm pw -s MD5-CRYPT
-V'{MD5-CRYPT}$1$R7thDyN.$E0G0czPE/h4S0Hn/b5oVW1'
Enter new password:
Retype new password:
{MD5-CRYPT}$1$rp8nVSqq$gDAPM5iqv1yhBoDZIWsQ4/ (verified)
Lets print a failed check:
doveadm pw -s CRYPT -V{CRYPT}/uuE/AAAAAAAA
Enter new password:
Retype new password:
reverse password verification check failed
FYI the word used for those test cases was "password".
Regards,
___
Jimmy Thrasibule <spack.world at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: user_hash-doveadm-pw.diff
Type: text/x-patch
Size: 1708 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20110901/ce62b6bb/attachment-0004.bin>
Timo Sirainen
2012-Feb-12 00:24 UTC
[Dovecot] [PATCH] Allow verification of user's hash in doveadm-pw
On 09/01/2011 01:17 AM, Spack wrote:> Hi, > > It may be useful for testing purpose to know if a generated password > hash correspond to a given clear password. This can be useful to check > if a hash generated by another program can be verified by Dovecot > without any errors. > > This patch adds the ability the verify a password hash using `doveadm > pw` via the `-V` option.Committed, with a few changes: http://hg.dovecot.org/dovecot-2.1/rev/fffa4d53e901> + while ((ch = getopt(argc, argv, "lp:r:s:u:V::")) != -1) {"::" isn't standard, so I added a separate -t parameter to give the hash.