Howto setup roundcube password plugin with sql driver and mysql encrypt using random salt?

Edit roundcube main config.inc.php and add the plugin name 'password' to the plugins array() as shown below, to activate the plugin:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array('password');

You may also note down the DSN used by roundcube to connect to the 'roundcube' mysql database $config['db_dsnw'] = 'mysql://user:pass@localhost/roundcube'

cd into .../roundcube_www_root/plugins/password/ and create config.inc.php

# cp config.inc.php.dist config.inc.php
# vi config.inc.php

Edit the following lines in the password plugin's config.inc.php:

<?php

$config['password_driver'] = 'sql';
$config['password_confirm_current'] = true;
$config['password_minimum_length'] = 8;
$config['password_require_nonalpha'] = false;
$config['password_log'] = false;
$config['password_login_exceptions'] = null;
// If the server is accessed via fqdn, replace localhost by the fqdn:
$config['password_hosts'] = array('127.0.0.1');
$config['password_force_save'] = true;

// SQL Driver options
$config['password_db_dsn'] = 'mysql://user:pass@localhost/maildb';

// SQL Update Query with encrypted password using random 8 character salt
$config['password_query'] = 'UPDATE users SET crypt=ENCRYPT(%p,CONCAT(_utf8\'$5$\',RIGHT(MD5(RAND()),8),_utf8\'$\')) WHERE id=%u LIMIT 1';

...

To use SHA-512 password hashes instead of SHA-256, set the $id$ to $6$ (see also man 3 crypt):

$config['password_query'] = 'UPDATE users SET crypt=ENCRYPT(%p,CONCAT(_utf8\'$6$\',RIGHT(MD5(RAND()),8),_utf8\'$\')) WHERE id=%u LIMIT 1';

See .../plugins/password/README and .../plugins/password/config.inc.php.dist for more info.

Assuming you will use the same mysql user for the password plugin to update the password, you have to GRANT SELECT and UPDATE privileges on the table 'users' in 'maildb' to the 'roundcube' mysql user:

# mysql -u root -p
mysql > GRANT SELECT,UPDATE ON maildb.users TO 'roundcube'@'localhost';
mysql > FLUSH PRIVILEGES;
mysql > quit
# 

That's it. If you encounter problems, tail the roundcube error log:

# tail -f ../../logs/error