[GH-ISSUE #146] Add mailbox password scheme to database #114

New issue

Closed

opened 2026-02-26 09:36:00 +03:00 by kerem · 3 comments

kerem commented

2026-02-26 09:36:00 +03:00

Owner

Originally created by @PhrozenByte on GitHub (Jul 8, 2015).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/146

ViMbAdmin should store the used password scheme in the database, e.g. the password test hashed with crypt:sha512 should be stored as

{SHA512-CRYPT}$6$UOfXG8URqAM2rLEe$26JgX1NyzTQA6SNfR3hSfx1BkoyxMSKQp6K9OkYeVdyX1ZSlMTiJzA3WAl1gdRYxosERICLOwjqH7/NXp09z51

This has some advantages:

Dovecot can determine the used scheme on its own, no configuration necessary
Admins can change the scheme without resetting all passwords
Using doveadm has no advantages anymore 😃

I can implement this and make a pull request (just a few lines to change), but as far as I know you don't want updates of the database scheme in minor releases?

Originally created by @PhrozenByte on GitHub (Jul 8, 2015). Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/146 ViMbAdmin should store the used password scheme in the database, e.g. the password `test` hashed with `crypt:sha512` should be stored as ``` {SHA512-CRYPT}$6$UOfXG8URqAM2rLEe$26JgX1NyzTQA6SNfR3hSfx1BkoyxMSKQp6K9OkYeVdyX1ZSlMTiJzA3WAl1gdRYxosERICLOwjqH7/NXp09z51 ``` This has some advantages: - Dovecot can determine the used scheme on its own, no configuration necessary - Admins can change the scheme without resetting all passwords - Using `doveadm` has no advantages anymore :smiley: I can implement this and make a pull request (just a few lines to change), but as far as I know you don't want updates of the database scheme in minor releases?

kerem closed this issue

2026-02-26 09:36:00 +03:00

kerem commented

2026-02-26 09:36:01 +03:00

Author

Owner

@kaechele commented on GitHub (Aug 27, 2015):

There should be no database schema change required as it's just dovecot actually reading this field. Prepending the password scheme shouldn't break anything.

@kaechele commented on GitHub (Aug 27, 2015): There should be no database schema change required as it's just dovecot actually reading this field. Prepending the password scheme shouldn't break anything.

kerem commented

2026-02-26 09:36:01 +03:00

Author

Owner

@PhrozenByte commented on GitHub (Aug 27, 2015):

Just prepending the password scheme makes it impossible to differentiate between a built-in scheme and the use of doveadm. I didn't found a fully backward compatible solution without adding a new column.

@PhrozenByte commented on GitHub (Aug 27, 2015): Just prepending the password scheme makes it impossible to differentiate between a built-in scheme and the use of `doveadm`. I didn't found a fully backward compatible solution without adding a new column.

kerem commented

2026-02-26 09:36:01 +03:00

Author

Owner

@barryo commented on GitHub (Apr 2, 2016):

I agree this is a good idea but it would probably require a major version bump. I'm happy to review a PR on this but it's an itch that we personally need scratched so can't assign resources to it 😢

@barryo commented on GitHub (Apr 2, 2016): I agree this is a good idea but it would probably require a major version bump. I'm happy to review a PR on this but it's an itch that we personally need scratched so can't assign resources to it :cry: