[Dovecot] Migarting password scheme

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Fri Mar 22 13:59:53 EET 2013

Zitat von Timo Sirainen <tss at iki.fi>:

> On 21.3.2013, at 18.51, lst_hoe02 at kwsoft.de wrote:
>> Hello,
>> by the move to Dovecot we try to alter the password encryption  
>> stored in the database from MD5 to CRYPT-SHA256 along the Guide at  
>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. It's mostly  
>> working but i still have not found out how to pass the cleartext  
>> password to the re-encrypting script. According to the HowTo it  
>> should be enough to add "'%w' AS userdb_plain_pass" to the passdb  
>> query, to get a environment variable $PLAIN_PASS in the post-login  
>> script to pass along.
>> This does not work eg. PLAIN_PASS is always empty. This is Dovecot  
>> 2.0.19 from Ubuntu 12.04 LTS.
> userdb_plain_pass method requires that you use userdb prefetch.
> And Daryl's method of using %w in regular userdb .. I'm not really  
> sure how well that works. Could easily be that different Dovecot  
> versions behave differently.


with "userdb prefetch" it works. Sorry it was not clear to me that  
userdb prefetch *must* be used to get *this* userdb setting to work.  
Maybe it should be listed at  
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. Furthermore the  
example listed there does a migration from CRYPT to SHA256 (salted)  
but not CRYPT-SHA256 which is recommended, no?



More information about the dovecot mailing list