1DOVEADM-PW(1) Dovecot DOVEADM-PW(1)
2
6 doveadm-pw - Dovecot's password hash generator
7
9 doveadm [-Dv] pw -l
10 doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
11 doveadm [-Dv] pw -t hash [-p password] [-u user]
12
14 doveadm pw is used to generate password hashes for different password
15 schemes and optionally verify the generated hash.
16 All generated password hashes have a {scheme} prefix, for example
18 {SHA512-CRYPT.HEX}. All passdbs have a default scheme for passwords
19 stored without the {scheme} prefix. The default scheme can be overrid‐
20 den by storing the password with the scheme prefix.
21
23 Global doveadm(1) options:
24 -D Enables verbosity and debug messages.
26 -o setting=value
28 Overrides the configuration setting from /etc/dovecot/dove‐
29 cot.conf and from the userdb with the given value. In order to
30 override multiple settings, the -o option may be specified mul‐
31 tiple times.
32 -v Enables verbosity, including progress counter.
34 Command specific options:
36 -l List all supported password schemes and exit successfully.
38 There are up to three optional password schemes: BLF-CRYPT
39 (Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their avail‐
40 ability depends on the system's currently used libc.
41 -p password
43 The plain text password for which the hash should be generated.
44 If no password was given doveadm(1) will prompt interactively
45 for one.
46 -r rounds
48 The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT
49 supports a variable number of encryption rounds. The following
50 table shows the minimum/maximum number of encryption rounds per
51 scheme. When the -r option was omitted the default number of
52 encryption rounds will be applied.
53 Scheme | Minimum | Maximum | Default
55 ----------------------------------------------
56 BLF-CRYPT | 4 | 31 | 5
57 SHA256-CRYPT | 1000 | 999999999 | 5000
58 SHA512-CRYPT | 1000 | 999999999 | 5000
59 -s scheme
61 The password scheme which should be used to generate the hashed
62 password. By default the CRYPT scheme will be used (with the
63 $2y$ bcrypt format). It is also possible to append an encoding
64 suffix to the scheme. Supported encoding suffixes are: .b64,
65 .base64 and .hex.
66 See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
67 for more details about password schemes.
68 -t hash
70 Test if the given password hash matches a given plain text pass‐
71 word. You should enclose the password hash in single quotes, if
72 it contains one or more dollar signs ($). The plain text pass‐
73 word may be passed using the -p option. When no password was
74 specified, doveadm(1) will prompt interactively for one.
75 -u user
77 When the DIGEST-MD5 scheme is used, also the user name must be
78 given, because the user name is a part of the generated hash.
79 For more information about Digest-MD5 please read also:
80 http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5
81 -V When this option is given, the hashed password will be inter‐
83 nally verified. The result of the verification will be shown
84 after the hashed password, enclosed in parenthesis.
85
87 The first password hash is a DIGEST-MD5 hash for jane.roe@example.com.
88 The second password hash is a CRAM-MD5 hash for john.doe@example.com.
89 doveadm pw -s digest-md5 -u jane.roe@example.com
91 Enter new password:
92 Retype new password:
93 {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
94 doveadm pw
95 Enter new password:
96 Retype new password:
97 {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
98
100 Report bugs, including doveconf -n output, to the Dovecot Mailing List
101 <dovecot@dovecot.org>. Information about reporting bugs is available
102 at: http://dovecot.org/bugreport.html
103
105 doveadm(1)
106Dovecot v2.3 2015-06-05 DOVEADM-PW(1)