On 24/01/2017 23:29, @lbutlr wrote:
Dovecot is set up on a system with MD5-CRYPT password scheme for all users, and 
I would like to update this to something that is secure, probably 
SSHA256-CRYPT, but I want to do this seamlessly without the users having to 
jump through any hoops.

The users are in MySQL (managed via postfixadmin) and the mailbox record simply 
stores the hash in the password field. Users access their accounts through IMAP 
MUAs or Roundcube.

How would I set up my system so that if a user logs in and still has a $1$ 
password (MD5-CRYPT) their password will be encoded to the new scheme and then 
the SQL row updated with the $5$ password instead? Something where they are 
redirected after authentication to a page that forces them to re-enter their 
password (or choose a new one) is acceptable.

And, while I am here, is it worthwhile to set the -r flag to a large number 
(like something over 100,000, which takes about 0.25 seconds to do on my 
machine)?

Hi,

you can convert the password scheme during login:

http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

Ciao

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice
