reik red
2014-Dec-20 05:55 UTC
doveadm pw generates different hash each time it is invoked !?
I am absolutely dumbfounded by "doveadm pw". My understanding is that
the command should be used to create a hashed password that should in
turn be placed into /etc/dovecot/passwd
Here comes the "dumbfounded" part. I was creating a new virtual user,
running doveadm pw to generate the hashed password. But when I tried to
login via imap, the password was rejected. So I started checking that I
had populated /etc/dovecot/passwd with the correct values, and in the
process I ran "doveadm pw" again to make certain I had not
accidentally
pasted the wrong value along with a username.
(I'm re-submittting after setting up a subscription, so I don't have to
wait for the moderator)
,
What happened next surprised me greatly: if I specify "-s ssha", the
resulting hashed password changes each time I invoke "doveadm pw", but
if I do not specify the hashing method, I get the same password each time (as I
expect). What on earth is going on here? There must be something
fundamental that I am missing.
=============================================Illustrative example:
machine(user) 6136 > doveadm pw -u joebob
Enter new password:
Retype new password:
{CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b
machine(user) 6137 > doveadm pw -u joebob
Enter new password:
Retype new password:
{CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b
#SAME, as expected
machine(user) > doveadm pw -u glorg
Enter new password:
Retype new password:
{CRAM-MD5}00747cf2ffaf11c5ea4a64979c3901fc1d20dee13f480bb598f7d8575b23e61b
#another surprising behavior: The (virtual) username specified does not affect
the hash!!!
machine(user) 6138 > doveadm pw -u joebob -s ssha
Enter new password:
Retype new password:
{SSHA}AtjINkQra967qIhU6khRED4U1x3aKwDi
machine(user) 6139 > doveadm pw -u joebob -s ssha
Enter new password:
Retype new password:
{SSHA}fZiFlHPKDn6ESM/gnUIcjJ14hRlH10DV
# DIFFERENT, very unexpected
=============================================
I'm on fedora 19, using dovecot.x86_64 version 1:2.2.15-1.fc19 per yum.
Daniel Parthey
2014-Dec-26 00:06 UTC
doveadm pw generates different hash each time it is invoked !?
Hi there, if you are getting different results on each invocation of the hash function, you might have selected a salted hashing function which generates a random salt. When you provide the same salt, you should get the same result for the same input, but when you omit the salt, it generates a random one for you. Regards Daniel
Apparently Analagous Threads
- doveadm pw generates different hash each time it is invoked
- Windows XP & greyed-out Guest user password prompt
- SQL Server via DBI/ODBC configuration
- Howto setup SLES 9 w/Samba 3.04 in a Domain & SSL SWAT
- Access denied error when trying to join XP to Samba Domain