doveadm−pw − Dovecot's password hash generator
doveadm [−Dv] pw −l
doveadm [−Dv] pw [−p password] [−r rounds] [−s scheme] [−u user] [−V]
doveadm [−Dv] pw −t hash [−p password] [−u user]
doveadm pw is used to generate password hashes for different password schemes and optionally verify the generated hash.
All generated password hashes have a {scheme} prefix, for example {SHA512−CRYPT.HEX}. All passdbs have a default scheme for passwords stored without the {scheme} prefix. The default scheme can be overridden by storing the password with the scheme prefix.
Global doveadm(1) options:
−D |
Enables verbosity and debug messages. |
|||
−v |
Enables verbosity, including progress counter. |
Command specific options:
−l |
List all supported password schemes and exit successfully. |
There are up to three optional password schemes: BLF−CRYPT (Blowfish crypt), SHA256−CRYPT and SHA512−CRYPT. Their availability depends on the system's currently used libc.
−p password
The plain text password for which the hash should be generated. If no password was given doveadm(1) will prompt interactively for one.
−r rounds
The password schemes BLF−CRYPT, SHA256−CRYPT and SHA512−CRYPT supports a variable number of encryption rounds. The following table shows the minimum/maximum number of encryption rounds per scheme. When the −r option was omitted the default number of encryption rounds will be applied.
Scheme | Minimum | Maximum | Default
----------------------------------------------
BLF−CRYPT | 4 | 31 | 5
SHA256−CRYPT | 1000 | 999999999 | 5000
SHA512−CRYPT | 1000 | 999999999 | 5000
−s scheme
The password scheme which should be used to generate the hashed password. By default the CRAM−MD5 scheme will be used. It is also possible to append an encoding suffix to the scheme. Supported encoding suffixes are: .b64, .base64 and .hex.
See also http://wiki2.dovecot.org/Authentication/PasswordSchemes for more details about password schemes.
−t hash
Test if the given password hash matches a given plain text password. The plain text password may be passed using the −p option. When no password was specified, doveadm(1) will prompt interactively for one.
−u user
When the DIGEST−MD5 scheme is used, also the user name must be given, because the user name is a part of the generated hash. For more information about Digest−MD5 please read also: http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5
−V |
When this option is given, the hashed password will be internally verified. The result of the verification will be shown after the hashed password, enclosed in parenthesis. |
The first password hash is a DIGEST−MD5 hash for jane DOT roe AT example DOT com. The second password hash is a CRAM−MD5 hash for john DOT doe AT example DOT com.
doveadm pw −s digest−md5 −u jane DOT roe AT example DOT com
Enter new password:
Retype new password:
{DIGEST−MD5}9b9dcb4466233a9307bbc33708dffda0
doveadm pw
Enter new password:
Retype new password:
{CRAM−MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
Report bugs, including doveconf −n output, to the Dovecot Mailing List <dovecot AT dovecot DOT org>. Information about reporting bugs is available at: http://dovecot.org/bugreport.html