6

I have a mailserver with postfix installed and configured as in http://flurdy.com/docs/postfix/index.html. I use a mysql database `maildb` with a table `users` with two fields, `id='user@domain.com'` and `crypt='salted_md5_hash'`. The password is updated with a query like this:

```sql
UPDATE users SET crypt = ENCRYPT('apassword', CONCAT('$5$', MD5(RAND()))) WHERE id = 'user@domain.tld';
```

Roundcube 1.0-RC is installed according to http://trac.roundcube.net/wiki/Howto_Install

How to set up the roundcube password plugin to work with the above installation?

rda

1 Answer

10

Edit roundcube main config.inc.php and add the plugin name 'password' to the plugins array() as shown below, to activate the plugin:

```php
// List of active plugins (in plugins/ directory)
$config['plugins'] = array('password');
```

You may also note down the DSN used by roundcube to connect to the 'roundcube' mysql database: `$config['db_dsnw'] = 'mysql://user:pass@localhost/roundcube'`

cd into .../roundcube_www_root/plugins/password/ and create config.inc.php

```
# cp config.inc.php.dist config.inc.php
# vi config.inc.php
```

Edit the following lines in the password plugin's config.inc.php:

```php
<?php

$config['password_driver'] = 'sql';
$config['password_confirm_current'] = true;
$config['password_minimum_length'] = 8;
$config['password_require_nonalpha'] = false;
$config['password_log'] = false;
$config['password_login_exceptions'] = null;
// If the server is accessed via fqdn, replace localhost by the fqdn:
$config['password_hosts'] = array('127.0.0.1');
$config['password_force_save'] = true;

// SQL Driver options
$config['password_db_dsn'] = 'mysql://user:pass@localhost/maildb';

// SQL Update Query with encrypted password using random 8 character salt
$config['password_query'] = 'UPDATE users SET crypt=ENCRYPT(%p,CONCAT(_utf8\'$5$\',RIGHT(MD5(RAND()),8),_utf8\'$\')) WHERE id=%u LIMIT 1';

// ...
```

To use SHA-512 password hashes instead of SHA-256, set the $id$ to $6$ (see also man 3 crypt):

```php
$config['password_query'] = 'UPDATE users SET crypt=ENCRYPT(%p,CONCAT(_utf8\'$6$\',RIGHT(MD5(RAND()),8),_utf8\'$\')) WHERE id=%u LIMIT 1';
```

See .../plugins/password/README and .../plugins/password/config.inc.php.dist for more info.

Assuming you will use the same mysql user for the password plugin to update the password, you have to GRANT SELECT and UPDATE privileges on the table 'users' in 'maildb' to the 'roundcube' mysql user:

```
# mysql -u root -p
mysql > GRANT SELECT,UPDATE ON maildb.users TO 'roundcube'@'localhost';
mysql > FLUSH PRIVILEGES;
mysql > quit
#
```

That's it. If you encounter problems, tail the roundcube error log:

```
# tail -f ../../logs/error
```
rda
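
A narrower alternative to the table-wide grant in the answer above, as an added example that is not part of the original answer: a dedicated MySQL account limited by column-level privileges to what the `password_query` shown needs, followed by a check of the stored hash layout. The account name `rcpasswd` and its password are placeholders, and the example assumes the plugin runs only that one `UPDATE` against `maildb`.

```sql
-- Added example. `rcpasswd` and the password are placeholders, not names
-- from the page. Run as a MySQL administrator.

-- 1. Dedicated account for the password plugin, separate from the
--    'roundcube' user that owns the webmail database.
CREATE USER 'rcpasswd'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';

-- 2. Column-level privileges: the UPDATE writes only `crypt`, and its
--    WHERE clause reads only `id`, so nothing else is granted.
GRANT SELECT (id), UPDATE (crypt) ON maildb.users TO 'rcpasswd'@'localhost';

-- 3. Confirm what the account can do.
SHOW GRANTS FOR 'rcpasswd'@'localhost';

-- 4. Negative test, run while connected as rcpasswd: both statements
--    must be rejected with a "command denied" error.
--      SELECT crypt FROM maildb.users;      -- stored hashes are not readable
--      UPDATE maildb.users SET id = 'x' WHERE id = 'user@domain.tld';

-- 5. Point the plugin at the new account in plugins/password/config.inc.php:
--      $config['password_db_dsn'] =
--          'mysql://rcpasswd:CHANGE_ME_placeholder@localhost/maildb';

-- 6. After changing a password through Roundcube, check as administrator
--    that the stored value has the expected crypt(3) layout:
--      $5$ + 8-character salt + $ + 43 characters = 55 (SHA-256)
--      $6$ + 8-character salt + $ + 86 characters = 98 (SHA-512)
SELECT id,
       LEFT(crypt, 3) AS scheme,
       CHAR_LENGTH(
           SUBSTRING_INDEX(SUBSTRING_INDEX(crypt, '$', 3), '$', -1)
       ) AS salt_len,
       CHAR_LENGTH(crypt) AS total_len
FROM maildb.users
WHERE id = 'user@domain.tld';
```

A `scheme` other than `$5$` or `$6$`, or a `total_len` that matches neither value, means the row was not written by the `password_query` from the answer.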
  • I think `array(password)` should be `array('password')`. – Andrew Schulman Feb 13 '14 at 17:09
  • OK, thanks, I corrected it. However, both variants seem to work fine. – rda Feb 13 '14 at 17:16
  • Thanks!! Worked for me. I've been trying to figure this issue out for a long time. I was listing out password hosts `$config['password_hosts'] = array('mail.host1.com', 'mail.host2.com', 'mail.host3.com');` which doesn't work. Upon switching to `$config['password_hosts'] = array('localhost');` as per above the password Setting option appeared. – Brandon Coder Mar 29 '15 at 02:39
  • I forgot to mention, Roundcube v1.0.3, Password plugin v3.4. Cheers! – Brandon Coder Mar 29 '15 at 18:48
  • I had a similar issue with this. Some server setups may require using 127.0.0.1 instead of using localhost. Just a heads up. Using the IP address is what worked for me personally. localhost didn't do anything. – Terry Carter Feb 29 '16 at 19:13
  • What server setup are you using @TerryCarter? I thought `localhost` should always resolve to 127.0.0.1, at least on Linux. If you are on Linux, check your **/etc/hosts** file, it should contain the line: `127.0.0.1 localhost` – rda Mar 02 '16 at 20:46
  • @rda - My hosts file does have that record yes. I am using Centos 7 with MariaDB, the latest postfix, dovecot, postfixadmin, phpmyadmin, and roundcube. Pinging localhost also returns the correct address for me. Not sure, may have just been a random quirk somewhere in my setup. – Terry Carter Mar 02 '16 at 20:55
  • `$config['password_hosts'] = null;` defaults to allow for 'ALL' afaik. If you had left it alone/defaulted, you probably would have been okay. Config: "Listed hosts will feature a Password option in Settings; others will not." Default should also say: "ON otherwise for ALL". At any rate leaving it NULL works fine for me. – B. Shea Jan 12 '17 at 23:55
  • And NO: You do NOT have to grant privilege to the Roundcube MySQL user to do updates on main Mail DB. Why use the Roundcube user on the plugin MySQL connection and not just use the 'main' mail database & user? (you could also create a new Mail DB user with query/update permissions (only) as well and use it). Why use the Roundcube mysql user and give more priv to Roundcube user when not needed? (to alter a separate database) Make sure your password config has proper permissions as well from prying eyes.. (either way you do it). – B. Shea Jan 13 '17 at 15:47
  • This answer does make it possible to change the password in roundcube but does not use this database to login with the passwords in this database. Normally the passwords are first in `/config/postfix-accounts.cf`. – pbies Feb 25 '22 at 10:05
  • Even if plugin 'password' is on and the database used is mysql, roundcube does not check for password in 'mailbox' table as it does not exist. Even if created manually and added columns - roundcube will not use passwords from it. – pbies Feb 25 '22 at 10:34
  • Roundcube 1.5.2. – pbies Feb 25 '22 at 10:43