Re: [Dovecot] password schemes in dovecot

2013-01-27 Thread Pascal Volk 
On 01/27/2013 11:21 PM Daniel Parthey wrote:
> Does the doveadm pw tool provide a way to check a plaintext password
> against a user's hash from the passdb? …

Check `doveadm pw -h` output. If it prints "[-t hash]", you can do
something like:

doveadm pw -t 
'{SHA256-CRYPT}$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi9qrb1jehe7hn4'
Enter password to verify: 08/15!test~4711

{SHA256-CRYPT}$5$rounds=1000$0123456789abcdef$K/DksR0DT01hGc8g/kt9McEgrbFMKi9qrb1jehe7hn4
 (verified)


Regards,
Pascal
-- 
The trapper recommends today: f007ba11.1302...@localdomain.org

Re: [Dovecot] password schemes in dovecot

2013-01-27 Thread Daniel Parthey 
Pascal Volk wrote:
> On 01/26/2013 01:04 AM Public wrote:
> > In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes
> > BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it.
> > And i'm unsure about how I am supposed to use the different SHA schemes,
> > since they always output different hashes for the same password. MD5 is
> > working fine, but I'd rather not use it. 
> > Is the wiki outdated or how do i get BLF-CRYPT working?
> 
> Your system's libc doesn't support Blowfish crypt, as mentioned in
> doveadm-pw(1) .
> 
> The crypt-hashes are salted hashes. `doveadm pw` generates a random
> salt, each time it is invoked. Therefore you will see different hashes,
> even when you enter the same password multiple times.

Does the doveadm pw tool provide a way to check a plaintext password
against a user's hash from the passdb? This would be useful to do some
security checks without actually logging the users in which would update
their lastlogin timestamp.

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820

Re: [Dovecot] password schemes in dovecot

2013-01-27 Thread Pascal Volk 
On 01/26/2013 01:04 AM Public wrote:
> Hey there,
> 
> I'm using the latest dovecot 2.1.13
> 
> In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT 
> is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm 
> unsure about how I am supposed to use the different SHA schemes, since they 
> always output different hashes for the same password. MD5 is working fine, 
> but I'd rather not use it. 
> Is the wiki outdated or how do i get BLF-CRYPT working?

Your system's libc doesn't support Blowfish crypt, as mentioned in
doveadm-pw(1) .

The crypt-hashes are salted hashes. `doveadm pw` generates a random
salt, each time it is invoked. Therefore you will see different hashes,
even when you enter the same password multiple times.


Regards,
Pascal
-- 
The trapper recommends today: defaced.1302...@localdomain.org

[Dovecot] password schemes in dovecot

2013-01-27 Thread Public 
Hey there,

I'm using the latest dovecot 2.1.13

In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT 
is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm unsure 
about how I am supposed to use the different SHA schemes, since they always 
output different hashes for the same password. MD5 is working fine, but I'd 
rather not use it. 
Is the wiki outdated or how do i get BLF-CRYPT working?

thanks,
simon