2016-05-19 06:51:20 -05:00
<!DOCTYPE html>
2014-12-03 06:19:12 -06:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Reset user password< / title >
2015-07-31 23:14:52 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
2014-12-03 06:19:12 -06:00
< / head >
< body >
< div id = "navigation" >
2017-11-16 21:48:44 -06:00
< a href = "https://www.iredmail.org" target = "_blank" >
2016-04-19 12:48:51 -05:00
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2016-04-21 23:33:25 -05:00
// < a href = "./index.html" > Document Index< / a > < / div > < div class = "admonition note" >
2016-11-11 02:56:08 -06:00
< p class = "admonition-title" > This tutorial is available in other languages. < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > Help translate more< / a > < / p >
2016-04-24 09:21:04 -05:00
< p > < a href = "./reset.user.password-zh_CN.html" > 简体中文< / a > /< / p >
2016-04-21 23:33:25 -05:00
< / div >
< h1 id = "reset-user-password" > Reset user password< / h1 >
2017-04-10 21:12:08 -05:00
< div class = "toc" >
< ul >
< li > < a href = "#reset-user-password" > Reset user password< / a > < ul >
< li > < a href = "#reset-password-with-sqlldap-command-line" > Reset password with SQL/LDAP command line< / a > < ul >
< li > < a href = "#generate-password-hash-for-new-password" > Generate password hash for new password< / a > < / li >
< li > < a href = "#sql-backends" > SQL backends< / a > < / li >
< li > < a href = "#ldap-backends" > LDAP backends< / a > < / li >
< / ul >
< / li >
< li > < a href = "#reset-password-with-scripts-shipped-in-iredadmin-pro" > Reset password with scripts shipped in iRedAdmin-Pro< / a > < ul >
< li > < a href = "#reset-password-for-one-user" > Reset password for one user< / a > < / li >
< li > < a href = "#reset-passwords-for-multiple-users-with-a-csv-file" > Reset passwords for multiple users with a CSV file< / a > < / li >
< / ul >
< / li >
< li > < a href = "#see-also" > See also< / a > < / li >
< / ul >
< / li >
< / ul >
< / div >
< h2 id = "reset-password-with-sqlldap-command-line" > Reset password with SQL/LDAP command line< / h2 >
< h3 id = "generate-password-hash-for-new-password" > Generate password hash for new password< / h3 >
< p > Storing password in plain text is dangerous, so we need to hash the password.
In case the SQL/LDAP database was leaked/cracked, cracker still need some time
to decode the password hash to get plain password, this will give you some
time to reset password to prevent mail message leak.< / p >
2015-02-01 05:22:03 -06:00
< blockquote >
< ul >
2017-04-10 21:12:08 -05:00
< li > SSHA512 is recommended on Linux systems.< / li >
< li > BCRYPT is recommended on BSD systems.< / li >
< li > MD5 is not safe, DO NOT USE IT no matter what reasons you have.< / li >
2015-02-01 05:22:03 -06:00
< / ul >
< / blockquote >
2017-04-10 21:17:11 -05:00
< p > To generate password hash for new password, please use < code > doveadm< / code > command.< / p >
< ul >
< li > Generate a SSHA512 password hash:< / li >
< / ul >
2015-02-01 05:22:03 -06:00
< pre > < code > $ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
2014-12-03 06:19:12 -06:00
< / code > < / pre >
2017-04-10 21:17:11 -05:00
< ul >
< li > Generate a BCRYPT password hash on BSD system:< / li >
< / ul >
< pre > < code > $ doveadm pw -s 'blf-crypt' -p '123'
{BLF-CRYPT}$2a$05$9CTW6FZtjHeK6W.2YMmzOeAj2YFvDpP4JEH0uH/YLQI81jPWDtzQW
< / code > < / pre >
2017-04-10 21:12:08 -05:00
< h3 id = "sql-backends" > SQL backends< / h3 >
< p > To reset password for user < code > user@domain.ltd< / code > , please login to SQL server as
either SQL root user or < code > vmailadmin< / code > user (note: sql user < code > vmail< / code > has read-only
2017-04-10 21:17:11 -05:00
privilege to < code > vmail< / code > database, so you cannot use it to change user password),
then execute SQL commands to reset password:< / p >
2014-12-03 06:19:12 -06:00
< pre > < code > sql> USE vmail;
2015-08-19 08:11:02 -05:00
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
2014-12-03 06:19:12 -06:00
< / code > < / pre >
2017-04-10 21:12:08 -05:00
< h3 id = "ldap-backends" > LDAP backends< / h3 >
2017-04-10 19:31:14 -05:00
< p > With OpenLDAP backend, you can reset it with < code > ldapvi< / code > , phpLDAPadmin or other
LDAP client tools. < code > SSHA512< / code > is recommended, but if you have some application
which needs to perform authentication with ldap dn directly, then < code > SSHA< / code > is
preferred.< / p >
2017-04-10 21:12:08 -05:00
< h2 id = "reset-password-with-scripts-shipped-in-iredadmin-pro" > Reset password with scripts shipped in iRedAdmin-Pro< / h2 >
2017-04-10 21:17:11 -05:00
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< p > iRedAdmin-Pro scripts support both SQL and LDAP backends.< / p >
< / div >
2017-04-10 21:12:08 -05:00
< h3 id = "reset-password-for-one-user" > Reset password for one user< / h3 >
< p > iRedAdmin-Pro ships script < code > tools/reset_user_password.py< / code > to help you reset
one user's password. For example, on CentOS 7 (iRedAdmin is installed under
< code > /var/www/iredadmin< / code > ):< / p >
< pre > < code > cd /var/www/iredadmin/tools/
python reset_user_password.py user@domain.ltd '123456'
< / code > < / pre >
< p > Sample output:< / p >
< pre > < code > [user@domain.ltd] Password has been reset.
< / code > < / pre >
< h3 id = "reset-passwords-for-multiple-users-with-a-csv-file" > Reset passwords for multiple users with a CSV file< / h3 >
< p > If you need to update many users' passwords, another way is resetting passwords
with script shipped in iRedAdmin-Pro: < code > tools/update_password_in_csv.py< / code > . It
reads the user email addresses and NEW passwords from a CSV file.< / p >
< p > The content is CSV file is:< / p >
< pre > < code > < email> < new_password>
< / code > < / pre >
< p > One mail user (and new password) per line. For example, file < code > new_passwords.csv< / code > :< / p >
< pre > < code > user1@domain.com pF4mTq4jaRzDLlWl
user2@domain.com SPhkTUlZs1TBxvmJ
user3@domain.com 8deNR8IBLycRujDN
< / code > < / pre >
< p > Then run script with this file:< / p >
< pre > < code > python update_password_in_csv.py new_passwords.csv
2015-02-01 05:31:17 -06:00
< / code > < / pre >
2015-02-01 05:22:03 -06:00
< h2 id = "see-also" > See also< / h2 >
< ul >
< li > < a href = "./password.hashes.html" > Password hashes used/supported by iRedMail< / a > < / li >
2016-05-26 10:09:58 -05:00
< li > < a href = "./promote.user.to.global.admin.html" > Promote a mail user to be global admin< / a > < / li >
2016-05-19 06:51:20 -05:00
< / ul > < div class = "footer" >
2017-11-16 21:48:44 -06:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "https://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
2016-05-19 06:51:20 -05:00
< / div >
2017-11-05 02:33:58 -06:00
<!-- Global site tag (gtag.js) - Google Analytics -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=UA-3293801-21" > < / script >
< script >
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
2015-02-05 07:02:53 -06:00
2017-11-05 02:33:58 -06:00
gtag('config', 'UA-3293801-21');
2014-12-03 06:19:12 -06:00
< / script >
< / body > < / html >