Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
DOVEADM-PW(1)			    Dovecot			 DOVEADM-PW(1)

       doveadm-pw - Dovecot's password hash generator

       doveadm [-Dv] pw	-l
       doveadm [-Dv] pw	[-p password] [-r rounds] [-s scheme] [-u user]	[-V]
       doveadm [-Dv] pw	-t hash	[-p password] [-u user]

       doveadm	pw  is used to generate	password hashes	for different password
       schemes and optionally verify the generated hash.

       All generated password hashes  have  a  {scheme}	 prefix,  for  example
       {SHA512-CRYPT.HEX}.   All  passdbs  have	a default scheme for passwords
       stored without the {scheme} prefix.  The	default	scheme can be overrid-
       den by storing the password with	the scheme prefix.

       Global doveadm(1) options:

       -D     Enables verbosity	and debug messages.

       -o setting=value
	      Overrides	 the  configuration  setting from /usr/local/etc/dove-
	      cot/dovecot.conf and from	the userdb with	the given  value.   In
	      order to override	multiple settings, the -o option may be	speci-
	      fied multiple times.

       -v     Enables verbosity, including progress counter.

       Command specific	options:

       -l     List all supported password schemes and exit successfully.
	      There are	up  to	three  optional	 password  schemes:  BLF-CRYPT
	      (Blowfish	 crypt),  SHA256-CRYPT and SHA512-CRYPT.  Their	avail-
	      ability depends on the system's currently	used libc.

       -p password
	      The plain	text password for which	the hash should	be  generated.
	      If  no  password	was given doveadm(1) will prompt interactively
	      for one.

       -r rounds
	      The password schemes  BLF-CRYPT,	SHA256-CRYPT and  SHA512-CRYPT
	      supports	a variable number of encryption	rounds.	 The following
	      table shows the minimum/maximum number of	encryption rounds  per
	      scheme.	When  the  -r option was omitted the default number of
	      encryption rounds	will be	applied.

	       Scheme	    | Minimum |	Maximum	  | Default
	       BLF-CRYPT    |	    4 |	       31 |	  5
	       SHA256-CRYPT |	 1000 |	999999999 |    5000
	       SHA512-CRYPT |	 1000 |	999999999 |    5000

       -s scheme
	      The password scheme which	should be used to generate the	hashed
	      password.	  By  default the CRAM-MD5 scheme will be used.	 It is
	      also possible to append an encoding suffix to the	scheme.	  Sup-
	      ported encoding suffixes are: .b64, .base64 and .hex.
	      See also
	      for more details about password schemes.

       -t hash
	      Test if the given	password hash matches a	given plain text pass-
	      word.  You should	enclose	the password hash in single quotes, if
	      it contains one or more dollar signs ($).	 The plain text	 pass-
	      word  may	 be  passed using the -p option.  When no password was
	      specified, doveadm(1) will prompt	interactively for one.

       -u user
	      When the DIGEST-MD5 scheme is used, also the user	name  must  be
	      given,  because  the  user name is a part	of the generated hash.
	      For  more	 information  about  Digest-MD5	 please	  read	 also:

       -V     When  this  option  is given, the	hashed password	will be	inter-
	      nally verified.  The result of the verification  will  be	 shown
	      after the	hashed password, enclosed in parenthesis.

       The  first password hash	is a DIGEST-MD5	hash for
       The second password hash	is a CRAM-MD5 hash for

       doveadm pw -s digest-md5	-u
       Enter new password:
       Retype new password:
       doveadm pw
       Enter new password:
       Retype new password:

       Report bugs, including doveconf -n output, to the Dovecot Mailing  List
       <>.	Information  about reporting bugs is available


Dovecot	v2.3			  2015-06-05			 DOVEADM-PW(1)


Want to link to this manual page? Use this URL:

home | help