1DOVEADM-PW(1)                       Dovecot                      DOVEADM-PW(1)
2
3
4

NAME

6       doveadm-pw - Dovecot's password hash generator
7

SYNOPSIS

9       doveadm [-Dv] pw -l
10       doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
11       doveadm [-Dv] pw -t hash [-p password] [-u user]
12

DESCRIPTION

14       doveadm  pw  is used to generate password hashes for different password
15       schemes and optionally verify the generated hash.
16
17       All generated password hashes  have  a  {scheme}  prefix,  for  example
18       {SHA512-CRYPT.HEX}.   All  passdbs  have a default scheme for passwords
19       stored without the {scheme} prefix.  The default scheme can be overrid‐
20       den by storing the password with the scheme prefix.
21

OPTIONS

23       Global doveadm(1) options:
24
25       -D     Enables verbosity and debug messages.
26
27       -o setting=value
28              Overrides  the  configuration  setting  from  /etc/dovecot/dove‐
29              cot.conf and from the userdb with the given value.  In order  to
30              override  multiple settings, the -o option may be specified mul‐
31              tiple times.
32
33       -v     Enables verbosity, including progress counter.
34
35       Command specific options:
36
37       -l     List all supported password schemes and exit successfully.
38              There are up  to  three  optional  password  schemes:  BLF-CRYPT
39              (Blowfish  crypt),  SHA256-CRYPT and SHA512-CRYPT.  Their avail‐
40              ability depends on the system's currently used libc.
41
42       -p password
43              The plain text password for which the hash should be  generated.
44              If  no  password  was given doveadm(1) will prompt interactively
45              for one.
46
47       -r rounds
48              The password schemes  BLF-CRYPT,  SHA256-CRYPT and  SHA512-CRYPT
49              supports  a variable number of encryption rounds.  The following
50              table shows the minimum/maximum number of encryption rounds  per
51              scheme.   When  the  -r option was omitted the default number of
52              encryption rounds will be applied.
53
54               Scheme       | Minimum | Maximum   | Default
55              ----------------------------------------------
56               BLF-CRYPT    |       4 |        31 |       5
57               SHA256-CRYPT |    1000 | 999999999 |    5000
58               SHA512-CRYPT |    1000 | 999999999 |    5000
59
60       -s scheme
61              The password scheme which should be used to generate the  hashed
62              password.   By  default the CRAM-MD5 scheme will be used.  It is
63              also possible to append an encoding suffix to the scheme.   Sup‐
64              ported encoding suffixes are: .b64, .base64 and .hex.
65              See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
66              for more details about password schemes.
67
68       -t hash
69              Test if the given password hash matches a given plain text pass‐
70              word.  You should enclose the password hash in single quotes, if
71              it contains one or more dollar signs ($).  The plain text  pass‐
72              word  may  be  passed using the -p option.  When no password was
73              specified, doveadm(1) will prompt interactively for one.
74
75       -u user
76              When the DIGEST-MD5 scheme is used, also the user name  must  be
77              given,  because  the  user name is a part of the generated hash.
78              For  more  information  about  Digest-MD5  please   read   also:
79              http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5
80
81       -V     When  this  option  is given, the hashed password will be inter‐
82              nally verified.  The result of the verification  will  be  shown
83              after the hashed password, enclosed in parenthesis.
84

EXAMPLE

86       The  first password hash is a DIGEST-MD5 hash for jane.roe@example.com.
87       The second password hash is a CRAM-MD5 hash for john.doe@example.com.
88
89       doveadm pw -s digest-md5 -u jane.roe@example.com
90       Enter new password:
91       Retype new password:
92       {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
93       doveadm pw
94       Enter new password:
95       Retype new password:
96       {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
97

REPORTING BUGS

99       Report bugs, including doveconf -n output, to the Dovecot Mailing  List
100       <dovecot@dovecot.org>.   Information  about reporting bugs is available
101       at: http://dovecot.org/bugreport.html
102

SEE ALSO

104       doveadm(1)
105
106
107
108Dovecot v2.3                      2015-06-05                     DOVEADM-PW(1)
Impressum