SHA512-CRYPT for email

I am considering ways to migrate cPanel mailboxes to Hestia, cPanel uses SHA512-CRYPT to store the passwords in /home/account/etc/domain/shadow

Hestia uses MD5, if I edit /etc/dovecot/conf.d/auth-passwdfile.conf.ext & /etc/dovecot/dovecot-dict-auth.conf.ext, Hestia / Dovecot are happy with passwords hashed with SHA512-CRYPT

Anyone know if this will come back to bite me in unexpected ways?

Yes you can’t edit the passwords any more with Hestia as it still uses md5 for password encryption


So it uses by default crypt and not md5…

I just stumbled on another option. If the configuration files are unchanged but the passwd file specifies “SHA512-CRYPT”, dovecot will accept the hashed password, so if /home/jones/conf/mail/ looks like this:

Webmail will authenticate. More testing is needed, but this seems to be a better solution to my “problem”.

I checked with the Dovecot support group, /home/account/conf/mail/ can have a mixture of MD5 & SHA512-CRYPT, so it should be able to keep the existing passwords.
Reference: Password Schemes