Re: Automatic DB password hash scheme selection

2017-09-08 Thread Kurt Fitzner 

Hi all,

Is there a way to get dovecot to recognize arbitrary password hash
schemes when looking up a password in a database? I originally set up
with #default_pass_scheme = MD5, and I would like to migrate to 
SHA512.


Is this possible currently?
Thanks,

Kurt


Hi!

Prefix with {SCHEME}.


Hi Aki,

Thanks for the tip.  This works, but when implementing it I discovered 
that just setting the password type generically to 'CRYPT' will let 
Dovecott use the built-in OS crypt decoding of the scheme number already 
encoded in the password.  It now automatically detects MD5, SHA256, and 
SHA512.  If my Linux distribution supported blowfish it would support 
that too.

Re: Automatic DB password hash scheme selection

2017-09-08 Thread Aki Tuomi 


On 08.09.2017 06:16, Kurt Fitzner wrote:
>  
>
> Hi all, 
>
> Is there a way to get dovecot to recognize arbitrary password hash
> schemes when looking up a password in a database? I originally set up
> with #default_pass_scheme = MD5, and I would like to migrate to SHA512. 
>
> Seeing as the scheme is actually stored in the password column along
> with the password in the format $__$__$__,
> it seems to me that dovecot should be able to look at the scheme number
> and simply do the right thing. If this is possible, then migrating
> passwords over would be much easier, since people will still be able to
> log in with their old MD5-hashed password and the changer can be set up
> to hash with the new method. 
>
> Is this possible currently? 
> Thanks, 
>
>  Kurt 

Hi!

Prefix with {SCHEME}.

Aki

Automatic DB password hash scheme selection

2017-09-07 Thread Kurt Fitzner 
 

Hi all, 

Is there a way to get dovecot to recognize arbitrary password hash
schemes when looking up a password in a database? I originally set up
with #default_pass_scheme = MD5, and I would like to migrate to SHA512. 

Seeing as the scheme is actually stored in the password column along
with the password in the format $__$__$__,
it seems to me that dovecot should be able to look at the scheme number
and simply do the right thing. If this is possible, then migrating
passwords over would be much easier, since people will still be able to
log in with their old MD5-hashed password and the changer can be set up
to hash with the new method. 

Is this possible currently? 
Thanks, 

 Kurt