doveadm-pw(1)

1DOVEADM-PW(1)                       Dovecot                      DOVEADM-PW(1)
2
3
4

NAME

6       doveadm-pw - Dovecot's password hash generator
7

SYNOPSIS

9       doveadm [-Dv] pw -l
10       doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
11

DESCRIPTION

13       doveadm  pw  is used to generate password hashes for different password
14       schemes and optionally verify the generated hash.
15
16       All generated password hashes  have  a  {scheme}  prefix,  for  example
17       {SHA512-CRYPT.HEX}.   All  passdbs  have a default scheme for passwords
18       stored without the {scheme} prefix.  The default scheme can be overrid‐
19       den by storing the password with the scheme prefix.
20

OPTIONS

22       Global doveadm(1) options:
23
24       -D     Enables verbosity and debug messages.
25
26       -v     Enables verbosity, including progress counter.
27
28       Command specific options:
29
30       -l     List all supported password schemes and exit successfully.
31              There  are  up  to  three  optional  password schemes: BLF-CRYPT
32              (Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT.   Their  avail‐
33              ability depends on the system's currently used libc.
34
35       -p password
36              The  plain text password for which the hash should be generated.
37              If no password was given doveadm(1)  will  prompt  interactively
38              for one.
39
40       -r rounds
41              The  password  schemes  BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT
42              supports a variable number of encryption rounds.  The  following
43              table  shows the minimum/maximum number of encryption rounds per
44              scheme.  When the -r option was omitted the  default  number  of
45              encryption rounds will be applied.
46
47               Scheme       | Minimum | Maximum   | Default
48              ----------------------------------------------
49               BLF-CRYPT    |       4 |        31 |       5
50               SHA256-CRYPT |    1000 | 999999999 |    5000
51               SHA512-CRYPT |    1000 | 999999999 |    5000
52
53       -s scheme
54              The  password scheme which should be used to generate the hashed
55              password.  By default the CRAM-MD5 scheme will be used.   It  is
56              also  possible to append an encoding suffix to the scheme.  Sup‐
57              ported encoding suffixes are: .b64, .base64 and .hex.
58              See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
59              for more details about password schemes.
60
61       -u user
62              When  the  DIGEST-MD5 scheme is used, also the user name must be
63              given, because the user name is a part of  the  generated  hash.
64              For   more   information  about  Digest-MD5  please  read  also:
65              http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5
66
67       -V     When this option is given, the hashed password  will  be  inter‐
68              nally  verified.   The  result of the verification will be shown
69              after the hashed password, enclosed in parenthesis.
70

EXAMPLE

72       The first password hash is a DIGEST-MD5 hash for  jane.roe@example.com.
73       The second password hash is a CRAM-MD5 hash for john.doe@example.com.
74
75       doveadm pw -s digest-md5 -u jane.roe@example.com
76       Enter new password:
77       Retype new password:
78       {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
79       doveadm pw
80       Enter new password:
81       Retype new password:
82       {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
83

REPORTING BUGS

85       Report  bugs, including doveconf -n output, to the Dovecot Mailing List
86       <dovecot@dovecot.org>.  Information about reporting bugs  is  available
87       at: http://dovecot.org/bugreport.html
88

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

EXAMPLE

REPORTING BUGS

SEE ALSO