From eb771005af7e608e3565a0af6f6955ab738a0233 Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Tue, 11 Apr 2017 10:17:11 +0800 Subject: [PATCH] Doc clean up. --- en_US/howto/reset.user.password.md | 19 ++++++++++++++++--- html/reset.user.password.html | 20 +++++++++++++++++--- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/en_US/howto/reset.user.password.md b/en_US/howto/reset.user.password.md index e26909d3..bfa4a8ed 100644 --- a/en_US/howto/reset.user.password.md +++ b/en_US/howto/reset.user.password.md @@ -15,19 +15,28 @@ time to reset password to prevent mail message leak. > * BCRYPT is recommended on BSD systems. > * MD5 is not safe, DO NOT USE IT no matter what reasons you have. -To generate password hash for new password, please use `doveadm` command. For -example: generate a SSHA512 password hash: +To generate password hash for new password, please use `doveadm` command. + +* Generate a SSHA512 password hash: ``` $ doveadm pw -s 'ssha512' -p '123456' {SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E= ``` +* Generate a BCRYPT password hash on BSD system: + +``` +$ doveadm pw -s 'blf-crypt' -p '123' +{BLF-CRYPT}$2a$05$9CTW6FZtjHeK6W.2YMmzOeAj2YFvDpP4JEH0uH/YLQI81jPWDtzQW +``` + ### SQL backends To reset password for user `user@domain.ltd`, please login to SQL server as either SQL root user or `vmailadmin` user (note: sql user `vmail` has read-only -privilege to `vmail` database, so you cannot use it to change user password): +privilege to `vmail` database, so you cannot use it to change user password), +then execute SQL commands to reset password: ``` sql> USE vmail; @@ -43,6 +52,10 @@ preferred. ## Reset password with scripts shipped in iRedAdmin-Pro +!!! attention + + iRedAdmin-Pro scripts support both SQL and LDAP backends. + ### Reset password for one user iRedAdmin-Pro ships script `tools/reset_user_password.py` to help you reset diff --git a/html/reset.user.password.html b/html/reset.user.password.html index 5688a16e..ef5577a1 100644 --- a/html/reset.user.password.html +++ b/html/reset.user.password.html @@ -52,16 +52,26 @@ time to reset password to prevent mail message leak.

  • MD5 is not safe, DO NOT USE IT no matter what reasons you have.
    • -

    To generate password hash for new password, please use doveadm command. For -example: generate a SSHA512 password hash:

    +

    To generate password hash for new password, please use doveadm command.

    + 
    $ doveadm pw -s 'ssha512' -p '123456'
 {SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
    + +
    $ doveadm pw -s 'blf-crypt' -p '123'
+{BLF-CRYPT}$2a$05$9CTW6FZtjHeK6W.2YMmzOeAj2YFvDpP4JEH0uH/YLQI81jPWDtzQW
+
    +

    SQL backends

    To reset password for user user@domain.ltd, please login to SQL server as either SQL root user or vmailadmin user (note: sql user vmail has read-only -privilege to vmail database, so you cannot use it to change user password):

    +privilege to vmail database, so you cannot use it to change user password), +then execute SQL commands to reset password:

    sql> USE vmail;
 sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
    @@ -72,6 +82,10 @@ LDAP client tools. SSHA512 is recommended, but if you have some app which needs to perform authentication with ldap dn directly, then SSHA is preferred.

    Reset password with scripts shipped in iRedAdmin-Pro

    +
    +

    Attention

    +

    iRedAdmin-Pro scripts support both SQL and LDAP backends.

    +

    Reset password for one user

    iRedAdmin-Pro ships script tools/reset_user_password.py to help you reset one user's password. For example, on CentOS 7 (iRedAdmin is installed under