NAME doveadm-pw - Dovecot’s password hash generator

SYNOPSIS doveadm [-Dv] pw -l doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]

DESCRIPTION doveadm pw is used to generate password hashes for different password schemes and optionally verify the generated hash.

All generated password hashes have a {scheme} prefix, for example {SHA512-CRYPT.HEX}. All passdbs have a default scheme for passwords stored without the {scheme} prefix. The default scheme can be overrid- den by storing the password with the scheme prefix.

OPTIONS Global doveadm(1) options:

-D Enables verbosity and debug messages.

-v Enables verbosity, including progress counter.

Command specific options:

-l List all supported password schemes and exit successfully. There are up to three optional password schemes: BLF-CRYPT (Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their avail- ability depends on the system’s currently used libc.

-p password The plain text password for which the hash should be generated. If no password was given doveadm(1) will prompt interactively for one.

-r rounds The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT supports a variable number of encryption rounds. The following table shows the minimum/maximum number of encryption rounds per scheme. When the -r option was omitted the default number of encryption rounds will be applied.

Scheme | Minimum | Maximum | Default ---------------------------------------------- BLF-CRYPT | 4 | 31 | 5 SHA256-CRYPT | 1000 | 999999999 | 5000 SHA512-CRYPT | 1000 | 999999999 | 5000

-s scheme The password scheme which should be used to generate the hashed password. By default the CRAM-MD5 scheme will be used. It is also possible to append an encoding suffix to the scheme. Sup- ported encoding suffixes are: .b64, .base64 and .hex. See also for more details about password schemes.

-u user When the DIGEST-MD5 scheme is used, also the user name must be given, because the user name is a part of the generated hash. For more information about Digest-MD5 please read also:

-V When this option is given, the hashed password will be inter- nally verified. The result of the verification will be shown after the hashed password, enclosed in parenthesis.

EXAMPLE The first password hash is a DIGEST-MD5 hash for The second password hash is a CRAM-MD5 hash for

doveadm pw -s digest-md5 -u Enter new password: Retype new password: {DIGEST-MD5}9b9dcb4466233a9307bbc33708dffda0 doveadm pw Enter new password: Retype new password: {CRAM-MD5}913331d8782236a8ecba7764a63aa27b26437fd40ca878d887f11d81245c2c6b

REPORTING BUGS Report bugs, including doveconf -n output, to the Dovecot Mailing List <>. Information about reporting bugs is available at:

SEE ALSO doveadm(1)

Dovecot v2.0 2010-06-22 DOVEADM-PW(1)