vpasswd.1
vpasswd - change passwd for virtual domain user
vpasswd [ options ] email_address [ password ]
vpasswd changes a virtual domain email user's password. The program must be run as root or as the indimail user. It uses the crypt(3) routine to encrypt the password. You can use the -h argument to specify the hash method for encryption (see below). You can also set the environment variable PASSWORD_HASH to set the encryption method. The -h argument overrides the environment variable PASSWORD_HASH. The value of the PASSWORD_HASH environment variable identifies the encryption method used, and this then determines how the rest of the password string is interpreted. The following values of PASSWORD_HASH are supported:
PASSWORD_HASH Value  Description
0                    DES encryption (shouldn't be used)
1                    MD5 encryption (shouldn't be used)
2                    SHA256 encryption
3                    SHA512 encryption
If the environment variable POST_HANDLE is set, vpasswd executes the program defined by the POST_HANDLE environment variable, passing email_address as a parameter. If POST_HANDLE is not defined, the program/script /usr/libexec/indimail/vpasswd will be executed with email_address as a parameter. The POST_HANDLE program is executed as the last step after all earlier steps have been successful.
-e
Set the encrypted password field. This option disables the internal
encryption routine which encrypts the password provided on the command
line. This option sets the encrypted password field exactly as given on
the command line without any encryption. It expects you to give a
standard encrypted password, or you can use this to set a plaintext/salted
password for CRAM and SCRAM authentication methods.
-h hash
Specify hash which is one of DES, MD5, SHA-256, SHA-512. Here ID is
the id in /etc/shadow. See incrypt(1).
| HASH | ID | Description |
|---|---|---|
| DES | - | DES encryption (shouldn't be used) |
| MD5 | 1 | MD5 encryption (shouldn't be used) |
| SHA-256 | 5 | SHA256 encryption |
| SHA-512 | 6 | SHA512 encryption |
-m scram
Sets the CRAM or SCRAM method for encryption. This will set the SCRAM
password in the scram field in the indimail/indibak tables. For the CRAM
method, it will set the clear text password when the -C option is specified.
CRAM/SCRAM method  Description
-----------------  -----------
CRAM               Sets clear text password suitable for any
                   CRAM method (CRAM-MD5, CRAM-SHA1, ...)
SCRAM-SHA-1        SHA1 encryption suitable for SCRAM-SHA-1.
SCRAM-SHA-256      SHA256 encryption suitable for SCRAM-SHA-256.
-C
Sets up authentication suitable for CRAM-MD5, CRAM-SHA1, CRAM-SHA224,
CRAM-SHA256, CRAM-SHA384, CRAM-SHA512, CRAM-RIPEMD and DIGEST-MD5
methods. This works by storing the clear text credentials in the
database. If the -m option is selected, this will additionally store a
hex-encoded salted password for SCRAM methods, which can be used instead
of clear text passwords by clients (for SCRAM authentication).
-S salt
Specify a base64 encoded salt to be used when generating the SCRAM password.
If not specified, this will be generated using libsodium/gsasl. Here
base64 implies characters [0-9], [a-z], [A-Z] and the two
characters [./].
-I iteration
Specify the iteration count to be used when generating the SCRAM password.
The default is 4096.
-r length
Generate a random password of length length characters. This option is
ignored when password is supplied on the command line.
-v
Set verbose mode.
email_address
username including the domain component
[password]
Set the password on the command line. If the password is not supplied on
the command line, the user is prompted for the password. The password
must be entered correctly twice in order to be accepted.
0 if all steps were successful, non-zero otherwise. If any of the steps fail, a diagnostic message is printed.
vmoduser(1), vadduser(1), gsasl(1), gsasl_scram_secrets_from_password(3)
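The -m, -C, -S and -I options decide what the database holds for challenge-response logins. The Python code below is an added example, not code from indimail or from this man page: it derives the RFC 5802 SCRAM secrets from a password, salt and iteration count, then has a server check a client proof using the stored key alone, which is why SCRAM needs no clear text password in the database while the CRAM methods do. The function names, the raw-bytes salt and the constructed auth message are assumptions, and the output is not claimed to match the layout indimail uses in its scram field.

```python
import hashlib
import hmac
import os

# -m method name -> hashlib digest name
DIGESTS = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256"}

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _client_key(digest, password, salt, iterations):
    # SaltedPassword := Hi(password, salt, i), i.e. PBKDF2-HMAC (RFC 5802).
    # SASLprep normalisation is skipped: ASCII passwords assumed.
    salted = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations)
    return salted, hmac.new(salted, b"Client Key", digest).digest()

def scram_secrets(method, password, salt, iterations=4096):
    """Hex secrets a server can keep; 4096 is the -I default on this page.
    salt is raw bytes (assumption: the caller has already decoded it)."""
    digest = DIGESTS[method]
    salted, client_key = _client_key(digest, password, salt, iterations)
    return {
        "salted_password": salted.hex(),
        "stored_key": hashlib.new(digest, client_key).hexdigest(),
        "server_key": hmac.new(salted, b"Server Key", digest).hexdigest(),
    }

def client_proof(method, password, salt, iterations, auth_message):
    """Client side: ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    digest = DIGESTS[method]
    _, client_key = _client_key(digest, password, salt, iterations)
    stored_key = hashlib.new(digest, client_key).digest()
    return _xor(client_key, hmac.new(stored_key, auth_message, digest).digest())

def server_verify(method, stored_key_hex, auth_message, proof):
    """Server side: needs only StoredKey, never the clear text password."""
    digest = DIGESTS[method]
    stored_key = bytes.fromhex(stored_key_hex)
    candidate = _xor(proof, hmac.new(stored_key, auth_message, digest).digest())
    return hmac.compare_digest(hashlib.new(digest, candidate).digest(), stored_key)

if __name__ == "__main__":
    salt, msg = os.urandom(16), b"constructed-auth-message"  # constructed inputs
    rec = scram_secrets("SCRAM-SHA-256", "correct horse", salt)
    proof = client_proof("SCRAM-SHA-256", "correct horse", salt, 4096, msg)
    print(rec, server_verify("SCRAM-SHA-256", rec["stored_key"], msg, proof))
```

Raising the iteration count changes every derived value, so an account's salt and count have to be kept alongside its keys for a login to verify.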