On 03.06.2016 15:14, KT Walrus wrote:
(I subscribed to a daily digest for this list and can’t figure out how to reply
to a reply.)
Anyway, Aki Tuomi replied to my feature request saying:
We support in latest 2.2 release
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT
SHA512-CRYPT
There is also blowfish support as BLF-CRYPT, but that requires that your
system supports it. CRYPT supports whatever your crypt() supports.
The reason I suggest building in fallback hash type support is that my install
of Dovecot on Ubuntu 14.04 didn’t support SHA512-CRYPT or BLF-CRYPT.
If Dovecot just included the PHP .c files to make sure it can process
Blowfish/SHA512 password hashes on all installs, it would greatly simplify
adding Dovecot as a service for my existing user accounts (without forcing them
to give their password for the site so I can generate new hashes in a form that
Dovecot supports). SHA256-CRYPT is probably my best option for password hashing
since it supports ROUNDS to make hash generation slower. But, I would rather
use BLF-CRYPT so I can re-use my existing hashes for my user accounts.
Kevin
Unfortunately "just including" files from another project is not that
straightforward. We can see if we could add BLF-CRYPT support to core
even if system does not support it.
Aki