This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 21 and 22
Revision 21 as of 2017-02-05 16:58:58
Size: 3699
Editor: adsl-75-24-144-2
Revision 22 as of 2017-02-05 17:07:16
Size: 3691
Editor: adsl-75-24-144-2
Deletions are marked like this. Additions are marked like this.
Line 79: Line 79:
Then you can use: Then use:


This file is compatible with a normal /etc/passwd file, and a password file used by libpam-pwdfile PAM plugin. It's in the following format:


For a password database it's enough to have only the user and password fields. For a user database, you need to set also uid, gid and preferably also home (see VirtualUsers). (gecos) and (shell) fields are unused by Dovecot.

The password field can be in four formats:

  • password: Assume CRYPT password scheme.

  • {SCHEME}password: The password is in the given scheme.

  • password[13]: libpam-passwd file compatible format for CRYPT scheme.

  • password[34]: libpam-passwd file compatible format for MD5 scheme.

extra_fields is a space-separated list of key=value pairs which can be used to set various passdb settings and userdb settings. Keys which begin with a userdb_ prefix are used for userdb, others are used for passdb. So for example if you wish to override mail_location setting for one user, use userdb_mail=mbox:~/mail. Variable expansion is done for extra_fields.

Empty lines and lines beginning with '#' character are ignored.

Multiple passwd files

You can use all the variables in the passwd-file filenames, for example:

passdb {
  driver = passwd-file
  # Each domain has a separate passwd-file:
  args = /etc/auth/%d/passwd

Passwd-file args

  • scheme=<s>: Allows you to specify the default password scheme. The default is CRYPT. This is available only for passdb.

  • username_format=<s>: Look up usernames using this format instead of the full username (%u). If you want to enable user@domain logins but have only "user" in the file, set this to %n.


passdb {
  driver = passwd-file
  args = scheme=plain-md5 username_format=%n /etc/imap.passwd
userdb {
  driver = passwd-file
  args = username_format=%n /etc/imap.passwd
  default_fields = uid=vmail gid=vmail home=/home/vmail/%u
  • The default_fields is explained in UserDatabase#Userdb_settings. They can be used to provide default userdb fields based on templates in case they're not specified for everyone in the passwd file. If you leave any of the standard userdb fields (uid, gid, home) empty, these defaults will be used.

This file can be used as a passdb:


passdb with extra fields:


This file can be used as both a passwd and a userdb:

user:{plain}pass:1000:1000::/home/user::userdb_mail=maildir:~/Maildir allow_nets=

Passwd as a password database on FreeBSD

On FreeBSD, passwd doesn't work as a password database because the password field is replaced by a *. But you can convert /etc/master.passwd into a passwd-file. In /etc/master.passwd, a password of * indicates that password authentication is disabled, so you might as well exclude those.

# grep -v '*' master.passwd > file-with-encrypted-passwords
# chmod 400 file-with-encrypted-passwords
# chown dovecot file-with-encrypted-passwords

Then use:

passdb {
  driver = passwd-file
  args = path-to-file-with-encrypted-passwords

None: AuthDatabase/PasswdFile (last edited 2019-09-11 14:15:57 by MichaelSlusarz)