[Dovecot] Using dovecot with wordpress/phpass passwords?

Joan aseques at gmail.com
Thu Mar 17 13:01:08 EET 2011

To sum up:

>> Wordpress and others are using phpass to authenticate
>> (http://www.openwall.com/phpass/), it is basically a salted md5 hash.
>> Basically, after the process, a hash like this is obtained.
>>  $P$BiWISc3IsqRHxeEjq4VJP1Vi8gy4mg1 (for test123 password)
>> I would like to know if dovecot would be able to read this,
> It can't. But if you're using Openwall, apparently its crypt() supports
> this and Dovecot doesn't need to.
Unfortunately, that stuff isn't include in any major distribution, had
to look on the other options
>> I could still make a custom checkpassword function but that would be
>> non-optimal.
I created a checkpass script to verify the passwords. For anyone
looking for this, I got some good information here:

.- Implementation of custom checkpassword in perl, with a sample testing script:

.- Phpass implementation for perl

For the dovecot part, just add in the passdb section from dovecot.conf this:

  passdb checkpassword {
    args = /etc/dovecot/checkpassword.pl

More information about the dovecot mailing list