If using dovecot as password generator ViMbAdmin changes the hash which makes change of hash later impossible

[mfechner]

Dear all,

regarding this line:

ViMbAdmin/library/ViMbAdmin/Dovecot.php

Line 59 in afc2b44

return trim( substr( $a, strlen( $scheme ) + 2 ) );

if dovecot is used to generate the hash, the hash normally looks like:

doveadm -o stats_writer_socket_path= pw -p test -s BLF-CRYPT
{BLF-CRYPT}$2y$05$MScpeuQcoTM0evggtJ9ZX.tzwbD4GXsrepigXHYhfaI4mx0EqWcLy

ViMbAdmin does now remove the part {BLF-CRYPT}.
If you now try to migrate from BLF-CRYPT to ARGON2ID and you change the standard password scheme authentication will not work anymore.
Is there a special reason why {BLF-CRYPT} is removed.

If that removal would not happen, you can mix password scheme and you can use a post-login script from dovecot to migrate to a new hash scheme without interrupting your email service.

If you agree, I would create a merge request that does not remove the {BLF-CRYPT} from the hash anymore.

[barryo]

You are right that we probably shouldn't have stripped it but unfortunately this change would create widespread breakage of existing systems.

This could be solved with a MySQL VIEW table.

[barryo]

Actually also discussed in the still open #178