[Dovecot] Using dovecot with wordpress/phpass passwords?

Timo Sirainen tss at iki.fi
Sat Mar 12 17:39:50 EET 2011

On Fri, 2011-03-11 at 17:39 +0100, Joan wrote:

> default_pass_scheme = CRYPT
> password_query = SELECT user_pass AS password FROM wp_users WHERE
> user_email='%u';
> user_query = SELECT 501 as uid, 501 as gid,'maildir:storage=51200' as
> quota FROM wp_users WHERE user_email = '%u'

If you're using Dovecot v1.1+ that quota value won't work.

> Wordpress and others are using phpass to authenticate
> (http://www.openwall.com/phpass/), it is basically a salted md5 hash.
> Basically, after the process, a hash like this is obtained.
>  $P$BiWISc3IsqRHxeEjq4VJP1Vi8gy4mg1 (for test123 password)
> I would like to know if dovecot would be able to read this, 

It can't. But if you're using Openwall, apparently its crypt() supports
this and Dovecot doesn't need to.

> otherwise
> I could still make a custom checkpassword function but that would be
> non-optimal.

Either that or write a phpass plugin.

More information about the dovecot mailing list