elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update en_US/migrations/2-password.hashes.md with default password schemes used by iRedMail.

This commit is contained in:
Zhang Huangbin 2016-12-29 23:18:06 +08:00
parent fc417438fc
commit a0dfbeb4da
2 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
en_US/migrations/2-password.hashes.md
View File

@ -41,16 +41,24 @@ __NOTES__:
* in iRedMail-0.9.0 and later versions: `SSHA512`
* in iRedMail-0.8.7 and earlier versions: `salted MD5`
* For LDAP backend: `SSHA`.
* For LDAP backends:
* in iRedMail-0.9.5 and later versions:
* Debian 8, Ubuntu 16.04, FreeBSD: `SSHA512`
* RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD: `SSHA`. OpenLDAP package
shipped in these distributions don't support SHA-2 password
verification by default.
* in iRedMail-0.9.4 and earlier versions: `SSHA`.
OpenLDAP's builtin password verification doesn't support SHA-2 password
hash formats directly, so if you have third-party applications which need
OpenLDAP's builtin password verification, you'd better use `SSHA` hash.
!!! note
But if you don't have this concern, it's ok to store `SSHA512/BCRYPT`
hash as mail user password, then set `ldap_bind = no` in
`/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but
Apache basic auth doesn't.
OpenLDAP's builtin password verification doesn't support SHA-2 password
hash formats directly, so if you have third-party applications which need
OpenLDAP's builtin password verification, you'd better use `SSHA` hash.
If you don't have such concern, it's ok to store `SSHA512/BCRYPT`
hash as mail user password, then set `ldap_bind = no` in
`/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but
Apache basic auth doesn't.
## How to use different password hashes in iRedMail

17
html/password.hashes.html
View File

@ -77,14 +77,27 @@ prepend <code>{CRYPT}</code> prefix in password hash.</p>
</ul>
</li>
<li>
<p>For LDAP backend: <code>SSHA</code>.</p>
<p>For LDAP backends:</p>
<ul>
<li>in iRedMail-0.9.5 and later versions:<ul>
<li>Debian 8, Ubuntu 16.04, FreeBSD: <code>SSHA512</code></li>
<li>RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD: <code>SSHA</code>. OpenLDAP package
shipped in these distributions don't support SHA-2 password
verification by default.</li>
</ul>
</li>
<li>in iRedMail-0.9.4 and earlier versions: <code>SSHA</code>.</li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>OpenLDAP's builtin password verification doesn't support SHA-2 password
hash formats directly, so if you have third-party applications which need
OpenLDAP's builtin password verification, you'd better use <code>SSHA</code> hash.</p>
<p>But if you don't have this concern, it's ok to store <code>SSHA512/BCRYPT</code>
<p>If you don't have such concern, it's ok to store <code>SSHA512/BCRYPT</code>
hash as mail user password, then set <code>ldap_bind = no</code> in
<code>/etc/dovecot/dovecot.conf</code>. SMTP/IMAP/POP3 services work with it, but
Apache basic auth doesn't.</p>
</div>
</li>
</ul>
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>