Dovecot and the move to 2.4

[RypPn]

As part of the prep for the move to an eventual release of version 2.4 of dovecot on FreeBSD I'd been looking over the requirements and noticed Berkely DB support is to be dropped, so this meant I need to set up Mariadb-server.

As part of this, I understand for SHA512-CRYPT

INSERT INTO `mail`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT(‘password’, CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),    ’user@example.com’),

has to be invoked for my virtual_users table.

Now the question, how do I invoke this for ARGON2ID? I'd appreciate any guidance offered after a fruitless day trawling the internet.

 

[covacat]

use argon2 from libargon2 pkg to generate the encrypted password
you need the plain text passwords for that
if you have a TSV file with id, dom_id,emai,pass you can use something like this to replace pass with the argon hash and then load the result into sql

while read id domid user pass;do SALT=$(head -c 12 /dev/urandom |openssl base64);HASH=$(echo $pass|argon2 "$SALT" -id -e);echo $id $domid $user  $HASH;done

 

[RypPn]

Hmmm, why not just use

doveadm pw -s ARGON2ID -p secret

 

[RypPn]

You can tell when you ask an awkward question, over 100 views and only one response, lol. I guess the overlap of the venn diagram of cryptographic and database knowledge is quite small.

 

[msplsh]

so this meant I need to set up Mariadb-server

Wait, why did you not use SQLite instead?

 

[RypPn]

Because we all have to make choices in life and I'm very familiar with mariadb.

 

[msplsh]

Alright, just thought non-network would have been more compatible.

ARGON2ID's MCF format is documented here