From a0dfbeb4da7f2d301148400092b4459483f5fc29 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin
Date: Thu, 29 Dec 2016 23:18:06 +0800
Subject: [PATCH] Update en_US/migrations/2-password.hashes.md with default
password schemes used by iRedMail.
---
en_US/migrations/2-password.hashes.md | 24 ++++++++++++++++--------
html/password.hashes.html | 17 +++++++++++++++--
2 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/en_US/migrations/2-password.hashes.md b/en_US/migrations/2-password.hashes.md
index 54b9b70f..f90368c1 100644
--- a/en_US/migrations/2-password.hashes.md
+++ b/en_US/migrations/2-password.hashes.md
@@ -41,16 +41,24 @@ __NOTES__:
* in iRedMail-0.9.0 and later versions: `SSHA512`
* in iRedMail-0.8.7 and earlier versions: `salted MD5`
-* For LDAP backend: `SSHA`.
+* For LDAP backends:
+ * in iRedMail-0.9.5 and later versions:
+ * Debian 8, Ubuntu 16.04, FreeBSD: `SSHA512`
+ * RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD: `SSHA`. OpenLDAP package
+ shipped in these distributions don't support SHA-2 password
+ verification by default.
+ * in iRedMail-0.9.4 and earlier versions: `SSHA`.
- OpenLDAP's builtin password verification doesn't support SHA-2 password
- hash formats directly, so if you have third-party applications which need
- OpenLDAP's builtin password verification, you'd better use `SSHA` hash.
+ !!! note
- But if you don't have this concern, it's ok to store `SSHA512/BCRYPT`
- hash as mail user password, then set `ldap_bind = no` in
- `/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but
- Apache basic auth doesn't.
+ OpenLDAP's builtin password verification doesn't support SHA-2 password
+ hash formats directly, so if you have third-party applications which need
+ OpenLDAP's builtin password verification, you'd better use `SSHA` hash.
+
+ If you don't have such concern, it's ok to store `SSHA512/BCRYPT`
+ hash as mail user password, then set `ldap_bind = no` in
+ `/etc/dovecot/dovecot.conf`. SMTP/IMAP/POP3 services work with it, but
+ Apache basic auth doesn't.
## How to use different password hashes in iRedMail
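Review bot: The relocated note still states without qualification that OpenLDAP's builtin password verification doesn't support SHA-2 hashes and that "you'd better use `SSHA` hash", while the new list directly above it makes `SSHA512` the default on Debian 8, Ubuntu 16.04 and FreeBSD for iRedMail-0.9.5 and later. A reader on one of those platforms gets two conflicting recommendations. Consider scoping the note to the distributions listed under `SSHA` (RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD) and to 0.9.4 and earlier. Since the text says those packages lack SHA-2 verification only "by default", it would also help to say how to enable it, or to point to the "How to use different password hashes in iRedMail" section, so admins on those platforms are not left on salted SHA-1 with no stated way forward. Minor wording: "OpenLDAP package shipped in these distributions don't support" should be "packages ... don't" or "package ... doesn't", and "such concern" should be "such a concern".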
diff --git a/html/password.hashes.html b/html/password.hashes.html
index e969d853..97267246 100644
--- a/html/password.hashes.html
+++ b/html/password.hashes.html
@@ -77,14 +77,27 @@ prepend {CRYPT}
prefix in password hash.
-For LDAP backend: SSHA
.
+For LDAP backends:
+
+- in iRedMail-0.9.5 and later versions:
+- Debian 8, Ubuntu 16.04, FreeBSD:
SSHA512
+- RHEL/CentOS 6/7, Ubuntu 14.04, OpenBSD:
SSHA
. OpenLDAP package
+ shipped in these distributions don't support SHA-2 password
+ verification by default.
+
+
+- in iRedMail-0.9.4 and earlier versions:
SSHA
.
+
+
+
Note
OpenLDAP's builtin password verification doesn't support SHA-2 password
hash formats directly, so if you have third-party applications which need
OpenLDAP's builtin password verification, you'd better use SSHA
hash.
-
But if you don't have this concern, it's ok to store SSHA512/BCRYPT
+
If you don't have such concern, it's ok to store SSHA512/BCRYPT
hash as mail user password, then set ldap_bind = no
in
/etc/dovecot/dovecot.conf
. SMTP/IMAP/POP3 services work with it, but
Apache basic auth doesn't.
+
How to use different password hashes in iRedMail
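Review bot: The added lines in `html/password.hashes.html` repeat the Markdown hunk's text, including the "OpenLDAP package shipped in these distributions don't support" wording and the unqualified "you'd better use SSHA" note, so any correction has to be made in `en_US/migrations/2-password.hashes.md` and carried over here in the same commit, or the two copies drift. If this file is generated from the Markdown (an assumption, the patch does not say), regenerate it rather than editing it by hand. The commit subject names only the Markdown file; mention that the HTML copy was updated as well.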