dovecot - Jul 2019 - Percent character in mail_crypt_private_password not possible

??????? Original Message ???????
On Thursday, July 4, 2019 11:18 AM, Aki Tuomi via dovecot <dovecot at
dovecot.org> wrote:
> It depends. You can use either one, seehttps://wiki2.dovecot.org/Variables
>
> I think the safest option would be setup LDAP so that the private
> password would be only readable by self, and have dovecot use bind
> authentication. This way you can export it only when you successfully
> log in to LDAP.
Good point regarding LDAP but right now I am using PostgreSQL as backend for
storing my accounts and use the following "password_query" parameter:

password_query = SELECT username AS user, password, '%w' AS
userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u'

So based on the Dovecot Variables wiki documentation you mention I could adapt
my "password_query" parameter to the following in order to use a
SHA512 hash of the password:

password_query = SELECT username AS user, password, '%{sha512:w}' AS
userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u'

is this correct?

I am also not sure about sha512 hash because the Dovecot Variable wiki page does
not mention sha512 but only sha256. Is sha512 also available?

On 4.7.2019 16.05, mabi via dovecot wrote:
> ??????? Original Message ???????
> On Thursday, July 4, 2019 11:18 AM, Aki Tuomi via dovecot <dovecot at
dovecot.org> wrote:
>
>> It depends. You can use either one,
seehttps://wiki2.dovecot.org/Variables
>>
>> I think the safest option would be setup LDAP so that the private
>> password would be only readable by self, and have dovecot use bind
>> authentication. This way you can export it only when you successfully
>> log in to LDAP.
> Good point regarding LDAP but right now I am using PostgreSQL as backend
for storing my accounts and use the following "password_query"
parameter:
>
> password_query = SELECT username AS user, password, '%w' AS
userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u'
>
> So based on the Dovecot Variables wiki documentation you mention I could
adapt my "password_query" parameter to the following in order to use a
SHA512 hash of the password:
>
> password_query = SELECT username AS user, password, '%{sha512:w}'
AS userdb_mail_crypt_private_password FROM mailboxes WHERE username =
'%u'
>
> is this correct?
>
> I am also not sure about sha512 hash because the Dovecot Variable wiki page
does not mention sha512 but only sha256. Is sha512 also available?
>
>
>
>
>
Yes

Aki

??????? Original Message ???????
On Thursday, July 4, 2019 3:10 PM, Aki Tuomi <aki.tuomi at
open-xchange.com> wrote:
> > I am also not sure about sha512 hash because the Dovecot Variable wiki
page does not mention sha512 but only sha256. Is sha512 also available?
>
> Yes
Thank you Aki for confirming. I tried it out and it works but I needed to use
"%{sha512:password}" instead of "%{sha512:w}". That's a
nice feature of Dovecot!

Now all I still need to do is to change the password of my user's crypto
keypair to the SHA512 hash of their login password and that's it.