1 Topic by 7t3chguy (edited by 7t3chguy 2015-01-17 06:13:16)

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Topic: Improve Roundcube Mail Password Change functionality - [FIX INSIDE]

By default Roundcube changed pass to MD5, which is awful.
Here I'm upping that to SSHA512 for systems which support it using `doveadm pw` internals.

/usr/sbin/dovecotpw:[executable] (chmod +x)

#!/bin/bash

/usr/bin/doveadm pw "$*"

The above is required as Dovecot 2 phased out the separate binary for dovecotpw, and instead ships it within doveadm. Roundcube Password plugin by default cannot accept `doveadm pw` or its full path so it has to be wrapped by the above.

The following lines have to be changed:
roundcube/plugins/password/config.inc.php:

$config['password_query'] = "UPDATE vmail.mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u LIMIT 1";
$config['password_dovecotpw'] = '/usr/bin/dovecotpw';
$config['password_dovecotpw_method'] = 'SSHA512';

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

7t3chguy's Website

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,789

Re: Improve Roundcube Mail Password Change functionality - [FIX INSIDE]

Thanks for sharing.
With iRedMail-0.9.0, SSHA512 is default password hash for SQL backends, but we need a patch to achieve this.
i will write tutorial about this later.