??????? Original Message ??????? On Thursday, July 4, 2019 11:18 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:> It depends. You can use either one, seehttps://wiki2.dovecot.org/Variables > > I think the safest option would be setup LDAP so that the private > password would be only readable by self, and have dovecot use bind > authentication. This way you can export it only when you successfully > log in to LDAP.Good point regarding LDAP but right now I am using PostgreSQL as backend for storing my accounts and use the following "password_query" parameter: password_query = SELECT username AS user, password, '%w' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' So based on the Dovecot Variables wiki documentation you mention I could adapt my "password_query" parameter to the following in order to use a SHA512 hash of the password: password_query = SELECT username AS user, password, '%{sha512:w}' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' is this correct? I am also not sure about sha512 hash because the Dovecot Variable wiki page does not mention sha512 but only sha256. Is sha512 also available?
Aki Tuomi
2019-Jul-04 13:10 UTC
Percent character in mail_crypt_private_password not possible
On 4.7.2019 16.05, mabi via dovecot wrote:> ??????? Original Message ??????? > On Thursday, July 4, 2019 11:18 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> It depends. You can use either one, seehttps://wiki2.dovecot.org/Variables >> >> I think the safest option would be setup LDAP so that the private >> password would be only readable by self, and have dovecot use bind >> authentication. This way you can export it only when you successfully >> log in to LDAP. > Good point regarding LDAP but right now I am using PostgreSQL as backend for storing my accounts and use the following "password_query" parameter: > > password_query = SELECT username AS user, password, '%w' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' > > So based on the Dovecot Variables wiki documentation you mention I could adapt my "password_query" parameter to the following in order to use a SHA512 hash of the password: > > password_query = SELECT username AS user, password, '%{sha512:w}' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' > > is this correct? > > I am also not sure about sha512 hash because the Dovecot Variable wiki page does not mention sha512 but only sha256. Is sha512 also available? > > > > >Yes Aki
??????? Original Message ??????? On Thursday, July 4, 2019 3:10 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:> > I am also not sure about sha512 hash because the Dovecot Variable wiki page does not mention sha512 but only sha256. Is sha512 also available? > > YesThank you Aki for confirming. I tried it out and it works but I needed to use "%{sha512:password}" instead of "%{sha512:w}". That's a nice feature of Dovecot! Now all I still need to do is to change the password of my user's crypto keypair to the SHA512 hash of their login password and that's it.
Maybe Matching Threads
- Percent character in mail_crypt_private_password not possible
- Percent character in mail_crypt_private_password not possible
- Percent character in mail_crypt_private_password not possible
- Percent character in mail_crypt_private_password not possible
- Percent character in mail_crypt_private_password not possible