[Dovecot] password schemes in dovecot

Daniel Parthey daniel.parthey at informatik.tu-chemnitz.de
Mon Jan 28 00:21:38 EET 2013

Pascal Volk wrote:
> On 01/26/2013 01:04 AM Public wrote:
> > In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes
> > BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it.
> > And i'm unsure about how I am supposed to use the different SHA schemes,
> > since they always output different hashes for the same password. MD5 is
> > working fine, but I'd rather not use it. 
> > Is the wiki outdated or how do i get BLF-CRYPT working?
> Your system's libc doesn't support Blowfish crypt, as mentioned in
> doveadm-pw(1) <http://wiki2.dovecot.org/Tools/Doveadm/Pw#section_options>.
> The crypt-hashes are salted hashes. `doveadm pw` generates a random
> salt, each time it is invoked. Therefore you will see different hashes,
> even when you enter the same password multiple times.

Does the doveadm pw tool provide a way to check a plaintext password
against a user's hash from the passdb? This would be useful to do some
security checks without actually logging the users in which would update
their lastlogin timestamp.


More information about the dovecot mailing list