doveadm-pw

DOVEADM-PW(1)                       Dovecot                      DOVEADM-PW(1)

NAME
       doveadm-pw - Dovecot's password hash generator

SYNOPSIS
       doveadm [-Dv] pw -l
       doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
       doveadm [-Dv] pw -t hash [-p password] [-u user]

DESCRIPTION
       doveadm  pw  is used to generate password hashes for different password
       schemes and optionally verify the generated hash.

       All generated password hashes  have  a  {scheme}  prefix,  for  example
       {SHA512-CRYPT.HEX}.   All  passdbs  have a default scheme for passwords
       stored without the {scheme} prefix.  The default scheme can be overrid-
       den by storing the password with the scheme prefix.

OPTIONS
       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -o setting=value
              Overrides  the  configuration  setting  from  /etc/dovecot/dove-
              cot.conf and from the userdb with the given value.  In order  to
              override  multiple settings, the -o option may be specified mul-
              tiple times.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -l     List all supported password schemes and exit successfully.
              There are up  to  three  optional  password  schemes:  BLF-CRYPT
              (Blowfish  crypt),  SHA256-CRYPT and SHA512-CRYPT.  Their avail-
              ability depends on the system's currently used libc.

       -p password
              The plain text password for which the hash should be  generated.
              If  no  password  was given doveadm(1) will prompt interactively
              for one.

       -r rounds
              The password schemes  BLF-CRYPT,  SHA256-CRYPT and  SHA512-CRYPT
              supports  a variable number of encryption rounds.  The following
              table shows the minimum/maximum number of encryption rounds  per
              scheme.   When  the  -r option was omitted the default number of
              encryption rounds will be applied.

               Scheme       | Minimum | Maximum   | Default
              ----------------------------------------------
               BLF-CRYPT    |       4 |        31 |       5
               SHA256-CRYPT |    1000 | 999999999 |    5000
               SHA512-CRYPT |    1000 | 999999999 |    5000

       -s scheme
              The password scheme which should be used to generate the  hashed
              password.   By  default the CRAM-MD5 scheme will be used.  It is
              also possible to append an encoding suffix to the scheme.   Sup-
              ported encoding suffixes are: .b64, .base64 and .hex.
              See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
              for more details about password schemes.

       -t hash
              Test if the given password hash matches a given plain text pass-
              word.  You should enclose the password hash in single quotes, if
              it contains one or more dollar signs ($).  The plain text  pass-
              word  may  be  passed using the -p option.  When no password was
              specified, doveadm(1) will prompt interactively for one.

       -u user
              When the DIGEST-MD5 scheme is used, also the user name  must  be
              given,  because  the  user name is a part of the generated hash.
              For  more  information  about  Digest-MD5  please   read   also:
              http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5

       -V     When  this  option  is given, the hashed password will be inter-
              nally verified.  The result of the verification  will  be  shown
              after the hashed password, enclosed in parenthesis.

EXAMPLE
       The  first password hash is a DIGEST-MD5 hash for jane.roe@example.com.
       The second password hash is a CRAM-MD5 hash for john.doe@example.com.

       doveadm pw -s digest-md5 -u jane.roe@example.com
       Enter new password:
       Retype new password:
       {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0
       doveadm pw
       Enter new password:
       Retype new password:
       {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b

REPORTING BUGS
       Report bugs, including doveconf -n output, to the Dovecot Mailing  List
       <dovecot@dovecot.org>.   Information  about reporting bugs is available
       at: http://dovecot.org/bugreport.html

SEE ALSO
       doveadm(1)

Dovecot v2.3                      2015-06-05                     DOVEADM-PW(1)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2024 Hurricane Electric. All Rights Reserved.