Update en_US/migrations/2-password.hashes.md with default password schemes used by iRedMail.
This commit is contained in:
parent
fc417438fc
commit
a0dfbeb4da
|
@ -41,16 +41,24 @@ __NOTES__:
|
|||
* in iRedMail-0.9.0 and later versions: `SSHA512`
|
||||
* in iRedMail-0.8.7 and earlier versions: `salted MD5`
|
||||
|
||||
* For LDAP backend: `SSHA`.
|
||||
* For LDAP backends:
|
||||
* in iRedMail-0.9.5 and later versions:
|
||||
* Debian 8, Ubuntu 16.04, FreeBSD: `SSHA512`
|
||||
* RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD: `SSHA`. OpenLDAP package
|
||||
shipped in these distributions don't support SHA-2 password
|
||||
verification by default.
|
||||
* in iRedMail-0.9.4 and earlier versions: `SSHA`.
|
||||
|
||||
OpenLDAP's builtin password verification doesn't support SHA-2 password
|
||||
hash formats directly, so if you have third-party applications which need
|
||||
OpenLDAP's builtin password verification, you'd better use `SSHA` hash.
|
||||
!!! note
|
||||
|
||||
But if you don't have this concern, it's ok to store `SSHA512/BCRYPT`
|
||||
hash as mail user password, then set `ldap_bind = no` in
|
||||
`/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but
|
||||
Apache basic auth doesn't.
|
||||
OpenLDAP's builtin password verification doesn't support SHA-2 password
|
||||
hash formats directly, so if you have third-party applications which need
|
||||
OpenLDAP's builtin password verification, you'd better use `SSHA` hash.
|
||||
|
||||
If you don't have such concern, it's ok to store `SSHA512/BCRYPT`
|
||||
hash as mail user password, then set `ldap_bind = no` in
|
||||
`/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but
|
||||
Apache basic auth doesn't.
|
||||
|
||||
## How to use different password hashes in iRedMail
|
||||
|
||||
|
|
|
@ -77,14 +77,27 @@ prepend <code>{CRYPT}</code> prefix in password hash.</p>
|
|||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<p>For LDAP backend: <code>SSHA</code>.</p>
|
||||
<p>For LDAP backends:</p>
|
||||
<ul>
|
||||
<li>in iRedMail-0.9.5 and later versions:<ul>
|
||||
<li>Debian 8, Ubuntu 16.04, FreeBSD: <code>SSHA512</code></li>
|
||||
<li>RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD: <code>SSHA</code>. OpenLDAP package
|
||||
shipped in these distributions don't support SHA-2 password
|
||||
verification by default.</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>in iRedMail-0.9.4 and earlier versions: <code>SSHA</code>.</li>
|
||||
</ul>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>OpenLDAP's builtin password verification doesn't support SHA-2 password
|
||||
hash formats directly, so if you have third-party applications which need
|
||||
OpenLDAP's builtin password verification, you'd better use <code>SSHA</code> hash.</p>
|
||||
<p>But if you don't have this concern, it's ok to store <code>SSHA512/BCRYPT</code>
|
||||
<p>If you don't have such concern, it's ok to store <code>SSHA512/BCRYPT</code>
|
||||
hash as mail user password, then set <code>ldap_bind = no</code> in
|
||||
<code>/etc/dovecot/dovecot.conf</code>. SMTP/IMAP/POP3 services work with it, but
|
||||
Apache basic auth doesn't.</p>
|
||||
</div>
|
||||
</li>
|
||||
</ul>
|
||||
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
|
||||
|
|
Loading…
Reference in New Issue