Review: use.or.migrate.password.hashes.md.
parent
4fcecac6bc
commit
8f0bcd4799
|
@ -5,7 +5,7 @@
|
|||
### Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default
|
||||
|
||||
SMTPS is deprecated, so iRedMail disable it by default.
|
||||
Quote from wikipedia.org: http://en.wikipedia.org/wiki/SMTPS
|
||||
Quote from (wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]
|
||||
|
||||
> Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS has been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.
|
||||
|
||||
|
|
|
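Review bot: The new link on the `Quote from` line has its Markdown brackets swapped: `(wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]` comes out as literal text, not a link. Write it as `[wikipedia.org](http://en.wikipedia.org/wiki/SMTPS)`, the form the pipe(8) link in this same commit uses. While the line above it is open, "iRedMail disable it" should read "disables".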
@ -16,8 +16,8 @@ external-pipe unix - n n - - pipe
|
|||
__Note__:
|
||||
|
||||
* You can use some macros to replace with corresponding information from the
|
||||
Postfix queue manager delivery request. Refer to Postfix manual page for more
|
||||
detail: ()[http://www.postfix.org/pipe.8.html]. For example:
|
||||
Postfix queue manager delivery request. Refer to Postfix manual page
|
||||
[pipe(8)](http://www.postfix.org/pipe.8.html) for more details. For example:
|
||||
|
||||
```
|
||||
external-pipe unix - n n - - pipe
|
||||
|
@ -45,11 +45,11 @@ this user will be piped to this new transport - your script.
|
|||
* If you have iRedAdmin-Pro:
|
||||
|
||||
* For iRedAdmin-Pro-LDAP installed, please go to user profile page, under
|
||||
tab `Advanced`, set `Relay/Transport setting` to `external-pipe`. Screenshot for
|
||||
your reference: ()[http://www.iredmail.org/images/iredadmin/user_profile_relay.png]
|
||||
tab `Advanced`, set `Relay/Transport setting` to `external-pipe`.
|
||||
[Screenshot](http://www.iredmail.org/images/iredadmin/user_profile_relay.png) for your reference:
|
||||
|
||||
* For iRedAdmin-Pro-MySQL or iRedAdmin-Pro-PGSQL installed, please go
|
||||
to user profile page, under tab `Relay`, set `/Transport setting` to
|
||||
to user profile page, under tab `Relay`, set `Relay/Transport setting` to
|
||||
`external-pipe`.
|
||||
|
||||
* If you don't have iRedAdmin-Pro, please update LDAP/MySQL/PgSQL database to
|
||||
|
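Review bot: The rewritten line `[Screenshot](...) for your reference:` now ends in a colon with nothing after it. End the sentence with a period, or embed the image with `![...](...)` if the picture was meant to follow the colon.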
@ -61,9 +61,9 @@ use this new transport.
|
|||
* For MySQL/PostgreSQL backend, please execute below command with SQL
|
||||
command line tool (Replace 'user@domain.ltd' by the real email address):
|
||||
|
||||
```mysql
|
||||
<pre>
|
||||
sql> USE vmail;
|
||||
sql> UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
|
||||
```
|
||||
</pre>
|
||||
|
||||
That's all.
|
||||
|
|
|
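Review bot: Replacing the fenced block with a raw `<pre>` takes the SQL out of Markdown's hands: the content is emitted unescaped and without a `<code>` wrapper, so any later `<` or `&` in these commands will break the page, and the block is styled differently from fenced blocks elsewhere. If the fence did not render inside the list item, try indenting it to the item's level instead; a plain fence or a `sql` tag would also suit text that covers both MySQL and PostgreSQL better than `mysql`.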
@ -0,0 +1,64 @@
|
|||
# How to use or migrate password hashes
|
||||
|
||||
## Password hashes supported by iRedMail
|
||||
|
||||
iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
|
||||
password schemes supported by Dovecot can be used in iRedMail. Please refer to
|
||||
Dovecot wiki page
|
||||
[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes) for more details.
|
||||
|
||||
Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):
|
||||
|
||||
* Plain text. e.g. `123456`
|
||||
* MD5. (salted. e.g. `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
||||
* PLAIN-MD5 (unsalted MD5). e.g. `0d2bf3c712402f428d48fed691850bfc`
|
||||
* SSHA. e.g. `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
|
||||
* SSHA512. e.g. `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
|
||||
|
||||
__NOTE__: Dovecot claims it supports SSHA512, but I didn't get it work.
|
||||
Please test it first if you choose SSHA512.
|
||||
|
||||
## Default password schemes used in iRedMail
|
||||
|
||||
* For MySQL and PostgreSQL backends: `MD5` (salted).
|
||||
* For LDAP backend: `SSHA`.
|
||||
|
||||
## How to use different password hashes in iRedMail
|
||||
|
||||
### For MySQL and PostgreSQL backends
|
||||
|
||||
All mail users are stored in SQL table `vmail.mailbox`, user password is stored
|
||||
in SQL column `mailbox.password`. For example:
|
||||
|
||||
<pre>
|
||||
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
||||
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
||||
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
|
||||
</pre>
|
||||
|
||||
* To store PLAIN-MD5, you have to prepend `{PLAIN-MD5}` in your password hash:
|
||||
|
||||
<pre>
|
||||
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
|
||||
</pre>
|
||||
|
||||
* To store plain password, you have to prepend `{PLAIN}`:
|
||||
<pre>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</pre>
|
||||
|
||||
### For LDAP backends
|
||||
|
||||
User password is stored in attribute `userPassword` of user object.
|
||||
|
||||
* To store plain password, SSHA, SSHA512 password hash, just store them in
|
||||
original format. For example:
|
||||
<pre>
|
||||
userPassword: 123456
|
||||
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
|
||||
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</pre>
|
||||
|
||||
* To store standard MD5 password (salted MD5 hash), please prepend `{CRYPT}`
|
||||
(case insensitive) in your password hash. For example:
|
||||
<pre>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</pre>
|
||||
|
||||
__IMPORTANT NOTE__: If you want to input password hash with phpLDAPadmin,
|
||||
please choose `clear` in the password hash list, then input password hash.
|
|
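Review bot: In the SQL section, the first example block (the three `UPDATE mailbox SET password=...` lines after "For example:") no longer says which schemes it illustrates, so the reader cannot tell why `$1$...` is stored without a prefix while PLAIN-MD5 and PLAIN need `{PLAIN-MD5}` and `{PLAIN}`. Add one sentence stating that salted MD5, SSHA and SSHA512 hashes are stored as they are. In the supported-schemes list, `MD5. (salted. e.g.` opens a parenthesis that is never closed. The list also puts plain text and unsalted MD5 next to the salted schemes with no guidance; say which scheme is recommended for new accounts. The `xx@xx` placeholder could match the `user@domain.ltd` used in the other how-to.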
@ -14,8 +14,8 @@ p {
|
|||
margin-bottom: 4px;
|
||||
padding: 0;
|
||||
}
|
||||
h1 { font-size: 36px; }
|
||||
h2 { font-size: 24px; }
|
||||
h1 { font-size: 48px; }
|
||||
h2 { font-size: 36px; padding-top: 24px;}
|
||||
h3 { font-size: 24px; }
|
||||
h4 { font-size: 21px; }
|
||||
h5 { font-size: 18px; }
|
||||
|
@ -249,11 +249,13 @@ pre, code {
|
|||
border-radius: 3px;
|
||||
overflow-x: auto;
|
||||
padding: 5px 10px 5px 10px;
|
||||
word-wrap: normal
|
||||
word-wrap: normal;
|
||||
font-size: 14px;
|
||||
line-height: 20px;
|
||||
}
|
||||
code {padding: 1px 5px 1px 5px;}
|
||||
code { padding: 1px 5px 1px 5px; }
|
||||
pre>code {
|
||||
margin: 0;
|
||||
border: 0;
|
||||
padding: 1px 3px;
|
||||
padding: 5px 10px 5px 10px;
|
||||
}
|
||||
|
|
|
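Review bot: Raising `pre>code` padding to `5px 10px 5px 10px` stacks on the identical padding that the `pre, code` rule already puts on `pre`, so `<pre><code>` blocks get twice the inset of the bare `<pre>` blocks this commit introduces in the docs. Set `pre>code` padding to 0 so both kinds of block line up. The new `font-size: 14px; line-height: 20px;` sits in the shared rule and therefore also applies to inline `code`; confirm that is intended.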
@ -20,7 +20,7 @@
|
|||
</div>
|
||||
<h3 id="why-iredmail-doesnt-enable-smtps-smtp-over-ssl-by-default">Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default</h3>
|
||||
<p>SMTPS is deprecated, so iRedMail disable it by default.
|
||||
Quote from wikipedia.org: http://en.wikipedia.org/wiki/SMTPS</p>
|
||||
Quote from (wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]</p>
|
||||
<blockquote>
|
||||
<p>Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS has been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.</p>
|
||||
</blockquote>
|
||||
|
|
|
@ -19,8 +19,8 @@ config file <code>/etc/postfix/master.cf</code>:</p>
|
|||
<p><strong>Note</strong>:</p>
|
||||
<ul>
|
||||
<li>You can use some macros to replace with corresponding information from the
|
||||
Postfix queue manager delivery request. Refer to Postfix manual page for more
|
||||
detail: ()[http://www.postfix.org/pipe.8.html]. For example:</li>
|
||||
Postfix queue manager delivery request. Refer to Postfix manual page
|
||||
<a href="http://www.postfix.org/pipe.8.html">pipe(8)</a> for more details. For example:</li>
|
||||
</ul>
|
||||
<pre><code>external-pipe unix - n n - - pipe
|
||||
flags=DRhu user=vmail:vmail argv=/path/to/your/external/script.sh -f ${sender} -d ${user}@${domain} -m ${extension}
|
||||
|
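Review bot: The macros note edited here leads into an `argv=` line that hands `${sender}` and `${extension}` to `script.sh`, but nothing tells the reader that both values come from the message envelope and are chosen by whoever sends the mail. Add a sentence in the Markdown source (then regenerate this HTML) saying the script must treat its arguments as untrusted input: quote every expansion and never pass them to `eval` or splice them into another command line.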
@ -47,12 +47,12 @@ this user will be piped to this new transport - your script.</p>
|
|||
<ul>
|
||||
<li>
|
||||
<p>For iRedAdmin-Pro-LDAP installed, please go to user profile page, under
|
||||
tab <code>Advanced</code>, set <code>Relay/Transport setting</code> to <code>external-pipe</code>. Screenshot for
|
||||
your reference: ()[http://www.iredmail.org/images/iredadmin/user_profile_relay.png]</p>
|
||||
tab <code>Advanced</code>, set <code>Relay/Transport setting</code> to <code>external-pipe</code>.
|
||||
<a href="http://www.iredmail.org/images/iredadmin/user_profile_relay.png">Screenshot</a> for your reference:</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>For iRedAdmin-Pro-MySQL or iRedAdmin-Pro-PGSQL installed, please go
|
||||
to user profile page, under tab <code>Relay</code>, set <code>/Transport setting</code> to
|
||||
to user profile page, under tab <code>Relay</code>, set <code>Relay/Transport setting</code> to
|
||||
<code>external-pipe</code>.</p>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -72,8 +72,9 @@ use this new transport.</p>
|
|||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<pre><code class="mysql">sql> USE vmail;
|
||||
sql> UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
|
||||
</code></pre>
|
||||
<pre>
|
||||
sql> USE vmail;
|
||||
sql> UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
|
||||
</pre>
|
||||
|
||||
<p>That's all.</p></body></html>
|
|
@ -0,0 +1,69 @@
|
|||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title></title>
|
||||
<link href="../css/markdown.css" rel="stylesheet"></head>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1 id="how-to-use-or-migrate-password-hashes">How to use or migrate password hashes</h1>
|
||||
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
|
||||
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
|
||||
password schemes supported by Dovecot can be used in iRedMail. Please refer to
|
||||
Dovecot wiki page
|
||||
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a> for more details.</p>
|
||||
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
|
||||
<ul>
|
||||
<li>Plain text. e.g. <code>123456</code></li>
|
||||
<li>MD5. (salted. e.g. <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
||||
<li>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></li>
|
||||
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
|
||||
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
|
||||
</ul>
|
||||
<p><strong>NOTE</strong>: Dovecot claims it supports SSHA512, but I didn't get it work.
|
||||
Please test it first if you choose SSHA512.</p>
|
||||
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
|
||||
<ul>
|
||||
<li>For MySQL and PostgreSQL backends: <code>MD5</code> (salted).</li>
|
||||
<li>For LDAP backend: <code>SSHA</code>.</li>
|
||||
</ul>
|
||||
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
|
||||
<h3 id="for-mysql-and-postgresql-backends">For MySQL and PostgreSQL backends</h3>
|
||||
<p>All mail users are stored in SQL table <code>vmail.mailbox</code>, user password is stored
|
||||
in SQL column <code>mailbox.password</code>. For example:</p>
|
||||
<pre>
|
||||
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
||||
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
||||
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
|
||||
</pre>
|
||||
|
||||
<ul>
|
||||
<li>To store PLAIN-MD5, you have to prepend <code>{PLAIN-MD5}</code> in your password hash:</li>
|
||||
</ul>
|
||||
<pre>
|
||||
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
|
||||
</pre>
|
||||
|
||||
<ul>
|
||||
<li>To store plain password, you have to prepend <code>{PLAIN}</code>:
|
||||
<pre>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</pre></li>
|
||||
</ul>
|
||||
<h3 id="for-ldap-backends">For LDAP backends</h3>
|
||||
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>To store plain password, SSHA, SSHA512 password hash, just store them in
|
||||
original format. For example:
|
||||
<pre>
|
||||
userPassword: 123456
|
||||
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
|
||||
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</pre></p>
|
||||
</li>
|
||||
<li>
|
||||
<p>To store standard MD5 password (salted MD5 hash), please prepend <code>{CRYPT}</code>
|
||||
(case insensitive) in your password hash. For example:
|
||||
<pre>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</pre></p>
|
||||
</li>
|
||||
</ul>
|
||||
<p><strong>IMPORTANT NOTE</strong>: If you want to input password hash with phpLDAPadmin,
|
||||
please choose <code>clear</code> in the password hash list, then input password hash.</p></body></html>
|
|
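Review bot: The generated head is closed twice: `<link href="../css/markdown.css" rel="stylesheet"></head>` is followed by a second `</head>` on the next line, and `<title></title>` is empty, so the page has no title in tabs or search results. Fix the template to emit one `</head>` and fill the title from the first heading. In the LDAP list items, `<pre>` ends up nested inside `<p>` (`For example:` followed directly by `<pre>...</pre></p>`), which is invalid; separating `<pre>` from the paragraph with a blank line in the Markdown source, as the SQL section does, should avoid it.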
@ -15,6 +15,7 @@
|
|||
<li><a href="faq-howto/howto.enable.smtps.service.html"> How to enable SMTPS service (SMTP over SSL, port 465)</a></li>
|
||||
<li><a href="faq-howto/pipe.incoming.email.for.certain.user.to.external.script.html"> How to pipe incoming email for certain user to external script </a></li>
|
||||
<li><a href="faq-howto/unattended.iredmail.installation.html"> How to perform silent/unattended iRedMail installation</a></li>
|
||||
<li><a href="faq-howto/use.or.migrate.password.hashes.html"> How to use or migrate password hashes</a></li>
|
||||
</ul>
|
||||
<h1 id="backup-and-restore">Backup and Restore</h1>
|
||||
<ul>
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
<http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/use.or.migrate.password.hashes>
|
||||
|
||||
#How to use or migrate password hashes
|
||||
|
||||
## Password hashes supported by iRedMail
|
||||
iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all password schemes supported by Dovecot can be used in iRedMail. Please refer to Dovecot wiki page for more details: <http://wiki2.dovecot.org/Authentication/PasswordSchemes>
|
||||
|
||||
Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):
|
||||
|
||||
* Plain text. (e.g. '123456')
|
||||
* MD5. (salted. e.g. $1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250)
|
||||
* PLAIN-MD5. (unsalted. e.g. 0d2bf3c712402f428d48fed691850bfc)
|
||||
* SSHA. (e.g. {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD)
|
||||
* SSHA512. (e.g. {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=)
|
||||
|
||||
##Default password schemes used in iRedMail
|
||||
* In MySQL and PostgreSQL backends, iRedMail stores password as salted MD5 hash. For example: __$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250__
|
||||
* In OpenLDAP backend, iRedMail stores password as SSHA hash. For example: __{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD__.
|
||||
|
||||
##How to use different password hashes in iRedMail
|
||||
|
||||
###For MySQL and PostgreSQL backends
|
||||
|
||||
All mail users are stored in SQL table "vmail.mailbox", user password is stored in SQL column "mailbox.password".
|
||||
|
||||
* To store standard MD5 password (salted MD5 hash) or SSHA, SSHA512, just store the password hash in column "mailbox.password". For example:
|
||||
<pre>sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
||||
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
||||
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
|
||||
</pre>
|
||||
|
||||
* To store PLAIN-MD5, you have to prepend __{PLAIN-MD5}__ in your password hash:
|
||||
<pre>sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';</pre>
|
||||
|
||||
* To store plain password, you have to prepend __{PLAIN}__:
|
||||
<pre>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</pre>
|
||||
|
||||
###For OpenLDAP backends
|
||||
User password is stored in LDAP user object, in attribute "userPassword".
|
||||
|
||||
* To store plain password, SSHA, SSHA512 password hash, just store them in original format. For example:
|
||||
<pre>userPassword: 123456
|
||||
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
|
||||
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</pre>
|
||||
|
||||
* To store standard MD5 password (salted MD5 hash), please prepend __{crypt}__ in your password hash. For example:
|
||||
<pre>userPassword: {crypt}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</pre>
|
||||
__IMPORTANT NOTE__: If you want to input password hash with phpLDAPadmin, please choose "clear" in the password hash list in phpLDAPadmin, then input "{crypt}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250" (without quotes, of course).
|