dovecot-1.0.7-8.el5_9.1.x86_64.rpm

Password Schemes
================

Passwords can be stored in <password databases> [PasswordDatabase.txt] in many
different formats. Usually they should be stored encrypted just to make sure
that if an attacker gets into your computer he can't easily read everyone's
passwords.

With non-plaintext <authentication mechanisms> [Authentication.Mechanisms.txt]
you either have to store the password in a mechanism-specific format (which is
incompatible with all other auth mechanisms except plaintext ones), or you'll
have to store the passwords as plaintext. For example if you're going to use
CRAM-MD5 authentication, the password needs to be in plaintext format or in
CRAM-MD5 format. If you want to allow both CRAM-MD5 and DIGEST-MD5, the
password must be stored in plaintext.

With plaintext auth mechanisms it doesn't matter in which format the password
is stored locally, because Dovecot will internally encrypt the sent plaintext
password to match the storage scheme. Usually people use only the plaintext
authentication mechanism. Encrypting the connection with SSL/TLS gives the
necessary protection for the passwords.

Often you already have the passwords in some specific format, so the best idea
is to just keep using them. Otherwise just pick one to use, for example SSHA.

Currently supported password schemes are:

 * CRYPT: DES-based encryption. This is how passwords are historically stored
   in '/etc/passwd'.
 * LANMAN: DES-based encryption. Used sometimes with NTLM mechanism.
 * NTLM: MD4 sum of the password stored in hex. Used with NTLM mechanism.
 * MD5-CRYPT: MD5 crypt. Another format historically used in '/etc/passwd'
   (v1.0.rc16 and later, for older use MD5)
    * MD5: Deprecated name for MD5-CRYPT. The password isn't really in a
      standard MD5 format (like PLAIN-MD5 is).
 * PLAIN-MD5: MD5 sum of the password stored in hex.
 * LDAP-MD5: MD5 sum of the password stored in base64.
 * SMD5: Salted MD5 sum of the password stored in base64.
 * CRAM-MD5: Use with CRAM-MD5 mechanism (v1.0.rc16 and later, for older use
   HMAC-MD5)
    * HMAC-MD5: Deprecated name for CRAM-MD5. The password isn't really in a
      standard HMAC-MD5 format.
 * DIGEST-MD5: Use with DIGEST-MD5 mechanism. The username is included in the
   hash, so it's not possible to use the hash for different usernames.
 * RPA: Use with RPA mechanism.
 * SHA: SHA1 sum of the password stored in base64.
 * SSHA: Salted SHA1 sum of the password stored in base64.
 * PLAIN: Password is in plaintext.

The default password scheme can usually be specified for the password database.
You can override it per password by prefixing the password with {SCHEME}, for
example '{PLAIN}password'. Note that not all <password databases>
[PasswordDatabase.txt] support changing the scheme. With some you might cause
incompatibilities with other software using the same database (e.g. <passwd>
[AuthDatabase.Passwd.txt], <shadow> [PasswordDatabase.Shadow.txt]), and with
others it simply isn't possible at all because of the way they work (e.g. <PAM>
[PasswordDatabase.PAM.txt]).

Dovecot contains a 'dovecotpw' utility which can be used to easily generate
passwords for the wanted scheme.

For some schemes (e.g. PLAIN-MD5, SHA) Dovecot is able to detect whether the
password hash is base64 or hex encoded, so both can be used. 'dovecotpw'
nevertheless generates the passwords using the encoding mentioned above.
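As an added example (not Dovecot's own code or the dovecotpw utility), the following Python generates and verifies '{SCHEME}...' strings for the schemes whose storage format is spelled out above: PLAIN, the unsalted MD5/SHA1 digests in hex or base64, and the salted SMD5/SSHA digests. It assumes, as LDAP does, that the salted schemes store base64(digest + salt) with the salt appended after the digest, and it accepts either hex or base64 for the unsalted schemes the way the text describes.

```python
import base64, binascii, hashlib, hmac, os, re

# Unsalted digests: encoding is detected (hex or base64) when verifying.
UNSALTED = {"PLAIN-MD5": "md5", "LDAP-MD5": "md5", "SHA": "sha1"}
# Salted digests, assumed stored as base64(digest + salt), salt appended.
SALTED = {"SMD5": "md5", "SSHA": "sha1"}

def decode_digest(encoded: str, digest_size: int) -> bytes:
    """Accept hex or base64, as Dovecot does for the unsalted schemes."""
    if re.fullmatch(r"[0-9a-fA-F]+", encoded) and len(encoded) == 2 * digest_size:
        return binascii.unhexlify(encoded)
    return base64.b64decode(encoded, validate=True)

def generate(scheme: str, password: str, salt: bytes = None) -> str:
    """Build a '{SCHEME}hash' string using the encoding listed for each scheme."""
    scheme, pw = scheme.upper(), password.encode()
    if scheme == "PLAIN":
        body = password
    elif scheme == "PLAIN-MD5":                       # hex
        body = hashlib.md5(pw).hexdigest()
    elif scheme in UNSALTED:                          # base64
        body = base64.b64encode(hashlib.new(UNSALTED[scheme], pw).digest()).decode()
    elif scheme in SALTED:
        salt = os.urandom(4) if salt is None else salt  # constructed 4-byte salt
        digest = hashlib.new(SALTED[scheme], pw + salt).digest()
        body = base64.b64encode(digest + salt).decode()
    else:
        raise ValueError(f"unsupported scheme {scheme}")
    return f"{{{scheme}}}{body}"

def verify(stored: str, candidate: str, default_scheme: str = "PLAIN") -> bool:
    """Check a candidate against a stored '{SCHEME}hash' (or a bare hash)."""
    m = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.*)", stored, re.S)
    scheme, body = (m.group(1).upper(), m.group(2)) if m else (default_scheme.upper(), stored)
    pw = candidate.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(body.encode(), pw)
    if scheme in UNSALTED:
        algo = UNSALTED[scheme]
        expected = decode_digest(body, hashlib.new(algo).digest_size)
        return hmac.compare_digest(expected, hashlib.new(algo, pw).digest())
    if scheme in SALTED:
        algo = SALTED[scheme]
        raw = base64.b64decode(body, validate=True)
        n = hashlib.new(algo).digest_size
        stored_digest, salt = raw[:n], raw[n:]        # salt follows the digest
        return hmac.compare_digest(stored_digest, hashlib.new(algo, pw + salt).digest())
    raise ValueError(f"unsupported scheme {scheme}")
```

Comparisons use hmac.compare_digest so that verification time does not depend on where a mismatch occurs.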

(This file was created from the wiki on 2007-06-15 04:42)