DOVEADM-PW(1)                       Dovecot                      DOVEADM-PW(1)

       doveadm-pw - Dovecot's password hash generator

       doveadm [-Dv] pw -l
       doveadm [-Dv] pw [-p password] [-r rounds] [-s scheme] [-u user] [-V]
       doveadm [-Dv] pw -t hash [-p password] [-u user]

       doveadm pw is used to generate password hashes for different password schemes and optionally verify the
       generated hash.

       All generated password hashes have a {scheme} prefix, for example {SHA512-CRYPT.HEX}.  All passdbs have a
       default scheme for passwords stored without the {scheme} prefix.  The default scheme can be overridden by
       storing the password with the scheme prefix.

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -o setting=value
              Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb  with  the  given
              value.  In order to override multiple settings, the -o option may be specified multiple times.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -l     List all supported password schemes and exit successfully.
              There  are  up  to  three  optional  password  schemes:  BLF-CRYPT  (Blowfish  crypt),  SHA256-CRYPT and
              SHA512-CRYPT.  Their availability depends on the system's currently used libc.

       -p password
              The plain text password for which the hash should be generated.  If no  password  was  given  doveadm(1)
              will prompt interactively for one.

       -r rounds
              The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT support a variable number of encryption
              rounds.  The following table shows the minimum/maximum number of encryption rounds per scheme.  When the
              -r option is omitted, the default number of encryption rounds is applied.

               Scheme       | Minimum | Maximum   | Default
               BLF-CRYPT    |       4 |        31 |       5
               SHA256-CRYPT |    1000 | 999999999 |    5000
               SHA512-CRYPT |    1000 | 999999999 |    5000

       -s scheme
              The password scheme which should be used to generate the hashed password.  By default the
              CRAM-MD5 scheme will be used.  It is also possible to append an encoding suffix to the scheme.
              Supported encoding suffixes are: .b64, .base64 and .hex.
              See   also  for  more  details  about  password

       -t hash
              Test if the given password hash matches a given plain text password.  You should enclose the password
              hash in single quotes if it contains one or more dollar signs ($).  The plain text password may be
              passed using the -p option.  When no password was specified, doveadm(1) will  prompt  interactively  for

       -u user
              When the DIGEST-MD5 scheme is used, the user name must also be given, because the user name is part of
              the generated hash.   For  more  information  about  Digest-MD5  please  read  also:  http://wiki2.dove-

       -V     When this option is given, the hashed password will be internally verified.  The result of the
              verification will be shown after the hashed password, enclosed in parentheses.
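
       An added example, not part of the Dovecot manual page or Dovecot's code: a Python check that reads the
       {scheme} prefix and optional encoding suffix of stored hashes and compares the rounds of the crypt schemes
       with the -r table above.  The function names, the sample values, the default scheme passed in and the
       policy floor are assumptions of this example, as is the standard crypt(3) layout ($id$rounds=N$salt$hash,
       or $2y$NN$... for Blowfish) of the stored value.

```python
import base64, binascii, re

# (minimum, maximum, default) rounds, copied from the -r table on this page.
_SHA = (1000, 999999999, 5000)
ROUNDS = {"BLF-CRYPT": (4, 31, 5), "SHA256-CRYPT": _SHA, "SHA512-CRYPT": _SHA}
ENCODINGS = {"B64", "BASE64", "HEX"}          # encoding suffixes listed under -s
PREFIX = re.compile(r"\{([^}.]+)(?:\.([^}]+))?\}(.*)", re.S)

def split_hash(stored, default_scheme):
    """Return (scheme, encoding, payload); no prefix means the passdb default."""
    m = PREFIX.fullmatch(stored)
    if not m:
        return default_scheme.upper(), None, stored
    enc = m.group(2).upper() if m.group(2) else None
    if enc and enc not in ENCODINGS:
        raise ValueError("unknown encoding suffix: " + enc)
    return m.group(1).upper(), enc, m.group(3)

def crypt_rounds(scheme, enc, payload):
    """Work factor stored in a crypt(3) string; None for non-crypt schemes."""
    if scheme not in ROUNDS:
        return None
    if enc == "HEX":
        payload = binascii.unhexlify(payload).decode("ascii")
    elif enc:
        payload = base64.b64decode(payload).decode("ascii")
    fields = payload.split("$")
    if len(fields) < 4:
        raise ValueError("not a crypt(3) string")
    if scheme == "BLF-CRYPT":
        return int(fields[2])                  # $2y$NN$...: NN is the cost
    m = re.fullmatch(r"rounds=(\d+)", fields[2])
    return int(m.group(1)) if m else ROUNDS[scheme][2]   # field absent: default

def audit(stored, default_scheme, floor=None):
    """Return (scheme, rounds, verdict) for one stored hash."""
    scheme, enc, payload = split_hash(stored, default_scheme)
    rounds = crypt_rounds(scheme, enc, payload)
    if rounds is None:
        return scheme, None, "not-crypt"
    floor = ROUNDS[scheme][2] if floor is None else floor  # assumed policy floor
    return scheme, rounds, "ok" if rounds >= floor else "low-rounds"

# Constructed sample values; salts and digests are placeholders, not real hashes.
SAMPLES = ["{SHA512-CRYPT}$6$rounds=1000$constructedsalt$constructeddigest",
           "{BLF-CRYPT}$2y$12$constructedsaltanddigest",
           "constructed-value-without-prefix"]
if __name__ == "__main__":
    print(*(audit(s, "CRAM-MD5") for s in SAMPLES), sep="\n")
```

       A "not-crypt" verdict means the scheme has no rounds setting in the table above, so -r does not apply to it.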

       The first password hash is a DIGEST-MD5 hash for  The second password hash is a  CRAM-MD5
       hash for

       doveadm pw -s digest-md5 -u
       Enter new password:
       Retype new password:
       doveadm pw
       Enter new password:
       Retype new password:

       Report  bugs,  including  doveconf  -n  output, to the Dovecot Mailing List <>.  Information
       about reporting bugs is available at:


Dovecot v2.2                      2015-06-05                     DOVEADM-PW(1)