2014-09-17 08:37:38 -05:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > How to use or migrate password hashes< / title >
< link href = "../css/markdown.css" rel = "stylesheet" > < / head >
< / head >
< body >
< h1 id = "how-to-use-or-migrate-password-hashes" > How to use or migrate password hashes< / h1 >
< h2 id = "password-hashes-supported-by-iredmail" > Password hashes supported by iRedMail< / h2 >
< p > iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
Dovecot wiki page
< a href = "http://wiki2.dovecot.org/Authentication/PasswordSchemes" > < code > Password Schemes< / code > < / a > for more details.< / p >
< p > Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):< / p >
< ul >
< li > Plain text. e.g. < code > 123456< / code > < / li >
< li > MD5. (salted. e.g. < code > $1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250< / code > < / li >
< li > PLAIN-MD5 (unsalted MD5). e.g. < code > 0d2bf3c712402f428d48fed691850bfc< / code > < / li >
< li > SSHA. e.g. < code > {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD< / code > < / li >
< li > SSHA512. e.g. < code > {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=< / code > < / li >
< / ul >
< p > < strong > NOTE< / strong > : Dovecot claims it supports SSHA512, but I didn't get it work.
Please test it first if you choose SSHA512.< / p >
< h2 id = "default-password-schemes-used-in-iredmail" > Default password schemes used in iRedMail< / h2 >
< ul >
< li > For MySQL and PostgreSQL backends: < code > MD5< / code > (salted).< / li >
< li > For LDAP backend: < code > SSHA< / code > .< / li >
< / ul >
< h2 id = "how-to-use-different-password-hashes-in-iredmail" > How to use different password hashes in iRedMail< / h2 >
< h3 id = "for-mysql-and-postgresql-backends" > For MySQL and PostgreSQL backends< / h3 >
< p > All mail users are stored in SQL table < code > vmail.mailbox< / code > , user password is stored
2014-09-18 01:10:35 -05:00
in SQL column < code > mailbox.password< / code > . For example:
2014-09-17 08:37:38 -05:00
< pre >
2014-09-18 01:10:35 -05:00
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
< / pre > < / p >
2014-09-17 08:37:38 -05:00
< ul >
2014-09-18 01:10:35 -05:00
< li >
< p > To store PLAIN-MD5, you have to prepend < code > {PLAIN-MD5}< / code > in your password hash:
2014-09-17 08:37:38 -05:00
< pre >
2014-09-18 01:10:35 -05:00
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
< / pre > < / p >
< / li >
< li >
< p > To store plain password, you have to prepend < code > {PLAIN}< / code > :
< pre > sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';< / pre > < / p >
< / li >
2014-09-17 08:37:38 -05:00
< / ul >
< h3 id = "for-ldap-backends" > For LDAP backends< / h3 >
< p > User password is stored in attribute < code > userPassword< / code > of user object.< / p >
< ul >
< li >
< p > To store plain password, SSHA, SSHA512 password hash, just store them in
original format. For example:
< pre >
userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=< / pre > < / p >
< / li >
< li >
< p > To store standard MD5 password (salted MD5 hash), please prepend < code > {CRYPT}< / code >
(case insensitive) in your password hash. For example:
< pre > userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250< / pre > < / p >
< / li >
< / ul >
< p > < strong > IMPORTANT NOTE< / strong > : If you want to input password hash with phpLDAPadmin,
please choose < code > clear< / code > in the password hash list, then input password hash.< / p > < / body > < / html >