logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

doveadm-pw - Dovecot's password hash generator

Description

doveadmpw  is used to generate password hashes for different password schemes and optionally verify the
       generated hash.

       All generated password hashes have a {scheme} prefix, for example {SHA512-CRYPT.HEX}.  All passdbs have a
       default scheme for passwords stored without the {scheme} prefix.  The default scheme can be overridden by
       storing the password with the scheme prefix.

Example

       The  first  password  hash  is a DIGEST-MD5 hash for jane.roe@example.com.  The second password hash is a
       CRAM-MD5 hash for john.doe@example.com.

       doveadmpw-sdigest-md5-ujane.roe@example.com
       Enter new password:
       Retype new password:
       {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
       doveadmpw
       Enter new password:
       Retype new password:
       {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b

Name

       doveadm-pw - Dovecot's password hash generator

Options

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -osetting=value
              Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the  userdb  with  the
              given  value.   In  order  to  override multiple settings, the -o option may be specified multiple
              times.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -l     List all supported password schemes and exit successfully.
              There are up to three optional password  schemes:  BLF-CRYPT  (Blowfish  crypt),  SHA256-CRYPT and
              SHA512-CRYPT.  Their availability depends on the system's currently used libc.

       -ppassword
              The  plain  text  password  for  which  the  hash  should  be generated.  If no password was given
              doveadm(1) will prompt interactively for one.

       -rrounds
              The password schemes BLF-CRYPT,  SHA256-CRYPT and  SHA512-CRYPT  supports  a  variable  number  of
              encryption  rounds.  The following table shows the minimum/maximum number of encryption rounds per
              scheme.  When the -r option was omitted the default number of encryption rounds will be applied.

               Scheme       | Minimum | Maximum   | Default
              ----------------------------------------------
               BLF-CRYPT    |       4 |        31 |       5
               SHA256-CRYPT |    1000 | 999999999 |    5000
               SHA512-CRYPT |    1000 | 999999999 |    5000

       -sscheme
              The password scheme which should be  used  to  generate  the  hashed  password.   By  default  the
              CRYPTscheme  will  be  used  (with  the  $2y$  bcrypt  format).  It is also possible to append an
              encoding suffix to the scheme.  Supported encoding suffixes are: .b64, .base64 and .hex.
              See also http://wiki2.dovecot.org/Authentication/PasswordSchemes for more details  about  password
              schemes.

       -thash
              Test  if  the  given  password  hash  matches a given plain text password.  You should enclose the
              password hash in single quotes, if it contains one or more  dollar  signs  ($).   The  plain  text
              password  may  be  passed  using  the  -p option.  When no password was specified, doveadm(1) will
              prompt interactively for one.

       -uuser
              When the DIGEST-MD5scheme is used, also the user name must be given, because the user name  is  a
              part   of   the  generated  hash.   For  more  information  about  Digest-MD5  please  read  also:
              http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5-V     When this option is given, the hashed password will be internally verified.   The  result  of  the
              verification will be shown after the hashed password, enclosed in parenthesis.

Reporting Bugs

       Report  bugs,  including  doveconf-n  output,  to  the  Dovecot  Mailing  List   <dovecot@dovecot.org>.
       Information about reporting bugs is available at: http://dovecot.org/bugreport.html

See Also

doveadm(1)

Dovecot v2.3                                       2015-06-05                                      DOVEADM-PW(1)

Synopsis

doveadm [-Dv] pw-ldoveadm [-Dv] pw [-ppassword] [-rrounds] [-sscheme] [-uuser] [-V]
       doveadm [-Dv] pw-thash [-ppassword] [-uuser]

See Also