1DOVEADM-PW(1) Dovecot DOVEADM-PW(1)
2
6 doveadm-pw - Dovecot's password hash generator
7
9 doveadm [-Dv] pw -l
10 doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
11 doveadm [-Dv] pw -t hash [-p password] [-u user]
12
14 doveadm pw is used to generate password hashes for different password
15 schemes and optionally verify the generated hash.
16 All generated password hashes have a {scheme} prefix, for example
18 {SHA512-CRYPT.HEX}. All passdbs have a default scheme for passwords
19 stored without the {scheme} prefix. The default scheme can be overrid‐
20 den by storing the password with the scheme prefix.
21
23 Global doveadm(1) options:
24 -D Enables verbosity and debug messages.
26 -o setting=value
28 Overrides the configuration setting from /etc/dovecot/dove‐
29 cot.conf and from the userdb with the given value. In order to
30 override multiple settings, the -o option may be specified mul‐
31 tiple times.
32 -v Enables verbosity, including progress counter.
34 Command specific options:
36 -l List all supported password schemes and exit successfully.
38 There are up to three optional password schemes: BLF-CRYPT
39 (Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their avail‐
40 ability depends on the system's currently used libc.
41 -p password
43 The plain text password for which the hash should be generated.
44 If no password was given doveadm(1) will prompt interactively
45 for one.
46 -r rounds
48 The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT
49 supports a variable number of encryption rounds. The following
50 table shows the minimum/maximum number of encryption rounds per
51 scheme. When the -r option was omitted the default number of
52 encryption rounds will be applied.
53 Scheme | Minimum | Maximum | Default
55 ----------------------------------------------
56 BLF-CRYPT | 4 | 31 | 5
57 SHA256-CRYPT | 1000 | 999999999 | 5000
58 SHA512-CRYPT | 1000 | 999999999 | 5000
59 -s scheme
61 The password scheme which should be used to generate the hashed
62 password. By default the CRAM-MD5 scheme will be used. It is
63 also possible to append an encoding suffix to the scheme. Sup‐
64 ported encoding suffixes are: .b64, .base64 and .hex.
65 See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
66 for more details about password schemes.
67 -t hash
69 Test if the given password hash matches a given plain text pass‐
70 word. You should enclose the password hash in single quotes, if
71 it contains one or more dollar signs ($). The plain text pass‐
72 word may be passed using the -p option. When no password was
73 specified, doveadm(1) will prompt interactively for one.
74 -u user
76 When the DIGEST-MD5 scheme is used, also the user name must be
77 given, because the user name is a part of the generated hash.
78 For more information about Digest-MD5 please read also:
79 http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5
80 -V When this option is given, the hashed password will be inter‐
82 nally verified. The result of the verification will be shown
83 after the hashed password, enclosed in parenthesis.
84
86 The first password hash is a DIGEST-MD5 hash for jane.roe@example.com.
87 The second password hash is a CRAM-MD5 hash for john.doe@example.com.
88 doveadm pw -s digest-md5 -u jane.roe@example.com
90 Enter new password:
91 Retype new password:
92 {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
93 doveadm pw
94 Enter new password:
95 Retype new password:
96 {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
97
99 Report bugs, including doveconf -n output, to the Dovecot Mailing List
100 <dovecot@dovecot.org>. Information about reporting bugs is available
101 at: http://dovecot.org/bugreport.html
102
104 doveadm(1)
105Dovecot v2.3 2015-06-05 DOVEADM-PW(1)