DOVEADM-PW(1)                       Dovecot                      DOVEADM-PW(1)

NAME

       doveadm-pw - Dovecot's password hash generator

SYNOPSIS

       doveadm [-Dv] pw -l
       doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
       doveadm [-Dv] pw -t hash [-p password] [-u user]

DESCRIPTION

       doveadm pw is used to generate password hashes for different password
       schemes and optionally verify the generated hash.

       All generated password hashes have a {scheme} prefix, for example
       {SHA512-CRYPT.HEX}. All passdbs have a default scheme for passwords
       stored without the {scheme} prefix. The default scheme can be
       overridden by storing the password with the scheme prefix.

OPTIONS

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -o setting=value
              Overrides the configuration setting from
              /etc/dovecot/dovecot.conf and from the userdb with the given
              value. In order to override multiple settings, the -o option
              may be specified multiple times.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -l     List all supported password schemes and exit successfully.
              There are up to three optional password schemes: BLF-CRYPT
              (Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their
              availability depends on the system's currently used libc.

       -p password
              The plain text password for which the hash should be generated.
              If no password is given, doveadm(1) will prompt interactively
              for one.

       -r rounds
              The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT
              support a variable number of encryption rounds. The following
              table shows the minimum/maximum number of encryption rounds per
              scheme. When the -r option is omitted, the default number of
              encryption rounds is applied.

               Scheme       | Minimum | Maximum   | Default
              ----------------------------------------------
               BLF-CRYPT    |       4 |        31 |       5
               SHA256-CRYPT |    1000 | 999999999 |    5000
               SHA512-CRYPT |    1000 | 999999999 |    5000

       -s scheme
              The password scheme which should be used to generate the hashed
              password. By default the CRYPT scheme will be used (with the
              $2y$ bcrypt format). It is also possible to append an encoding
              suffix to the scheme. Supported encoding suffixes are: .b64,
              .base64 and .hex.
              See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
              for more details about password schemes.

       -t hash
              Test if the given password hash matches a given plain text
              password. You should enclose the password hash in single quotes
              if it contains one or more dollar signs ($). The plain text
              password may be passed using the -p option. When no password
              is specified, doveadm(1) will prompt interactively for one.

       -u user
              When the DIGEST-MD5 scheme is used, the user name must also be
              given, because the user name is a part of the generated hash.
              For more information about Digest-MD5 please read also:
              http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5

       -V     When this option is given, the hashed password will be
              internally verified. The result of the verification will be
              shown after the hashed password, enclosed in parentheses.

EXAMPLE

       The first password hash is a DIGEST-MD5 hash for jane.roe@example.com.
       The second password hash is a CRAM-MD5 hash for john.doe@example.com.

       doveadm pw -s digest-md5 -u jane.roe@example.com
       Enter new password:
       Retype new password:
       {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
       doveadm pw -s cram-md5
       Enter new password:
       Retype new password:
       {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b
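
       Added example, not part of the Dovecot manual or the project's code: a
       Python helper that splits stored values on the {scheme} prefix and
       encoding suffix described above and checks crypt(3) rounds against the
       -r table. The function names and the default_scheme value are
       assumptions of this example.

```python
import base64
import re

# (min, max, default) rounds per scheme, copied from the table under -r.
ROUNDS = {
    "BLF-CRYPT": (4, 31, 5),
    "SHA256-CRYPT": (1000, 999999999, 5000),
    "SHA512-CRYPT": (1000, 999999999, 5000),
}
PREFIX = re.compile(r"^\{([^}.]+)(?:\.([^}]+))?\}(.*)$", re.S)


def parse_hash(stored, default_scheme="CRYPT"):
    """Return (scheme, encoding suffix, decoded payload). default_scheme is an
    assumed stand-in for the passdb default used when no prefix is present."""
    m = PREFIX.match(stored)
    if not m:
        return default_scheme, None, stored
    scheme, enc, payload = m.group(1).upper(), m.group(2), m.group(3)
    enc = enc.lower() if enc else None
    if enc == "hex":
        raw = bytes.fromhex(payload)
    elif enc in ("b64", "base64"):
        raw = base64.b64decode(payload, validate=True)
    elif enc is None:
        return scheme, None, payload
    else:
        raise ValueError(f"unsupported encoding suffix: .{enc}")
    # latin-1 maps every byte to one character, so binary digests survive.
    return scheme, enc, raw.decode("latin-1")


def rounds_of(scheme, payload):
    """Return the rounds encoded in a crypt(3) string, or None if not found."""
    if scheme == "BLF-CRYPT":
        m = re.match(r"^\$2[abxy]?\$(\d{2})\$", payload)
        return int(m.group(1)) if m else None
    ident = {"SHA256-CRYPT": "5", "SHA512-CRYPT": "6"}.get(scheme)
    m = re.match(rf"^\${ident}\$(?:rounds=(\d+)\$)?", payload) if ident else None
    if not m:
        return None
    # crypt(3) omits "rounds=" when the default count was used.
    return int(m.group(1)) if m.group(1) else ROUNDS[scheme][2]


def rounds_in_range(scheme, rounds):
    """True when rounds lies within the min/max the -r table gives."""
    low, high, _default = ROUNDS[scheme]
    return low <= rounds <= high
```

       Given the {DIGEST-MD5} value from the example above, parse_hash returns
       the scheme DIGEST-MD5 with no encoding suffix; rounds_of returns None
       for any scheme outside the -r table.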

REPORTING BUGS

       Report bugs, including doveconf -n output, to the Dovecot Mailing List
       <dovecot@dovecot.org>. Information about reporting bugs is available
       at: http://dovecot.org/bugreport.html

SEE ALSO

       doveadm(1)

Dovecot v2.3                      2015-06-05                     DOVEADM-PW(1)