iredmail-doc/en_US/howto/reset.user.password.md

# Reset user password

> * SSHA512 is recommended for SQL backends, don't use MD5 unless you have a reason.
> * BCRYPT is recommended for SQL backens on BSD systems.

With MySQL or PostgreSQL backends, you can generate a password hash with
`openssl` or `doveadm` command first, then replace old one with this newly
generated one.

For example: generate a SSHA512 password hash with `doveadm`:

```
$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
```

To generate a salted MD5 password hash, you can use `doveadm` or `openssl`:

```
# doveadm pw -s 'MD5' -p '123456' | awk -F'{MD5}' '{print $2}'
$1$TDG8oXHb$6YB9NO5NZaZxku0xv6RsW0

# openssl passwd -1 123456
$1$fnWOb5X8$Ed6FYg9CLuWuUQplnwOQK/
```

> __Important note__: SOGo groupware doesn't support salted MD5 hash without a
> prefix, so if you're going to use MD5 password hash with SOGo,
> please prepend `{CRYPT}` prefix in password hash. For example,
> `{CRYPT}$1$TDG8oXHb$6YB9NO5NZaZxku0xv6RsW0`.

* Reset password for user `user@domain.ltd`:

```
sql> USE vmail;
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
```

With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
tools, `SSHA` is preferred if you have other applications to authenticate
users against OpenLDAP.

It's ok to use plain password temporarily, then login to Roundcube webmail
or iRedAdmin-Pro (with self-service enabled) to reset password immediately.
For example:

```
sql> USE vmail;
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
```

## See also

* [Password hashes used/supported by iRedMail](./password.hashes.html)
New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00			`# Reset user password`

Fix typo in howto/reset.user.password.md. 2015-02-05 06:05:07 -06:00			`> * SSHA512 is recommended for SQL backends, don't use MD5 unless you have a reason.`
Add more comments in howto/ldap.add.mail.list.md, howto/sql.create.mail.alias.md. And link to each other as reference. Mention 'SSHA512' is recommended password hash for SQL backends in html/reset.user.password.html. 2015-02-01 05:22:03 -06:00			`> * BCRYPT is recommended for SQL backens on BSD systems.`

New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00			`With MySQL or PostgreSQL backends, you can generate a password hash with`
			`openssl` or `doveadm` command first, then replace old one with this newly
			`generated one.`

??????? 2015-08-19 08:11:02 -05:00			For example: generate a SSHA512 password hash with `doveadm`:
New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00
			```
Add more comments in howto/ldap.add.mail.list.md, howto/sql.create.mail.alias.md. And link to each other as reference. Mention 'SSHA512' is recommended password hash for SQL backends in html/reset.user.password.html. 2015-02-01 05:22:03 -06:00			`$ doveadm pw -s 'ssha512' -p '123456'`
			`{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=`
New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00			```

Mention how to generate MD5 password. 2015-08-27 23:00:00 -05:00			To generate a salted MD5 password hash, you can use `doveadm` or `openssl`:

			```
Use awk to strip '{MD5}' prefix while generating md5 hash with doveadm. 2015-09-11 05:39:51 -05:00			`# doveadm pw -s 'MD5' -p '123456' \| awk -F'{MD5}' '{print $2}'`
			`$1$TDG8oXHb$6YB9NO5NZaZxku0xv6RsW0`
Mention how to generate MD5 password. 2015-08-27 23:00:00 -05:00
			`# openssl passwd -1 123456`
			`$1$fnWOb5X8$Ed6FYg9CLuWuUQplnwOQK/`
			```

Use awk to strip '{MD5}' prefix while generating md5 hash with doveadm. 2015-09-11 05:39:51 -05:00			`> __Important note__: SOGo groupware doesn't support salted MD5 hash without a`
			`> prefix, so if you're going to use MD5 password hash with SOGo,`
			> please prepend `{CRYPT}` prefix in password hash. For example,
Mention {CRYPT} prefix for md5 hash in en_US/howto/reset.user.password.md. 2015-08-28 21:27:37 -05:00			> `{CRYPT}$1$TDG8oXHb$6YB9NO5NZaZxku0xv6RsW0`.

??????? 2015-08-19 08:11:02 -05:00			* Reset password for user `user@domain.ltd`:
New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00
			```
			`sql> USE vmail;`
??????? 2015-08-19 08:11:02 -05:00			`sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';`
New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00			```

			`With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client`
Add more comments in howto/ldap.add.mail.list.md, howto/sql.create.mail.alias.md. And link to each other as reference. Mention 'SSHA512' is recommended password hash for SQL backends in html/reset.user.password.html. 2015-02-01 05:22:03 -06:00			tools, `SSHA` is preferred if you have other applications to authenticate
			`users against OpenLDAP.`

Link each other in howto/reset.user.password.md and migrations/password.hashes.md. 2015-02-01 05:31:17 -06:00			`It's ok to use plain password temporarily, then login to Roundcube webmail`
			`or iRedAdmin-Pro (with self-service enabled) to reset password immediately.`
			`For example:`

			```
Typo. 2015-08-26 23:51:21 -05:00			`sql> USE vmail;`
Link each other in howto/reset.user.password.md and migrations/password.hashes.md. 2015-02-01 05:31:17 -06:00			`sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';`
			```

Add more comments in howto/ldap.add.mail.list.md, howto/sql.create.mail.alias.md. And link to each other as reference. Mention 'SSHA512' is recommended password hash for SQL backends in html/reset.user.password.html. 2015-02-01 05:22:03 -06:00			`## See also`
New tutorial: howto/reset.user.password.md. 2014-12-03 06:19:12 -06:00
Add more comments in howto/ldap.add.mail.list.md, howto/sql.create.mail.alias.md. And link to each other as reference. Mention 'SSHA512' is recommended password hash for SQL backends in html/reset.user.password.html. 2015-02-01 05:22:03 -06:00			`* [Password hashes used/supported by iRedMail](./password.hashes.html)`