On 04/01/2014 08:56 AM, Dwain Blazej wrote:
I'm writing some code for Posty, a Postfix and Dovecot Administration App.
One way to support all of dovecot's password hashes is to have "dovecot pw"
do the work, however I don't want to run the web facing Posty as root or
the same user as Dovecot.
Is the output of "dovecot pw" is effected by the contents of the
configuration files? What in the configuration file does "dovecot pw"
require to operate?
I personally care about SHA512-crypt support, so I just called an outside
library to generate the hash. However, others might want to use a different
scheme, or Dovecot might not have support for SHA512-crypt on other systems
(I think Mac OS X is an example). Hence the elegance of using dovecot pw
to do all the work. If a normal user can call dovecot pw, then I'll add
back in that code.
Well if you're using an external library for one scheme, you may just as
well use your own code for other schemes. For example:
require 'digest'
require 'base64'
hash = '{SSHA512.b64}' +
Base64.strict_encode64(
Digest::SHA512.digest("#{secret}#{salt}") + salt
)
IMO there's no need to call external program for this.
