Howto setup roundcube password plugin with sql driver and mysql encrypt using random salt?

mysql linux php roundcube

Edit roundcube main config.inc.php and add the plugin name 'password' to the plugins array() as shown below, to activate the plugin:

// List of active plugins (in plugins/ directory)
$config['plugins'] = array('password');

You may also note down the DSN used by roundcube to connect to the 'roundcube' mysql database $config['db_dsnw'] = 'mysql://user:pass@localhost/roundcube'

cd into .../roundcube_www_root/plugins/password/ and create config.inc.php

# cp config.inc.php.dist config.inc.php
# vi config.inc.php

Edit the following lines in the password plugin's config.inc.php:

<?php

$config['password_driver'] = 'sql';
$config['password_confirm_current'] = true;
$config['password_minimum_length'] = 8;
$config['password_require_nonalpha'] = false;
$config['password_log'] = false;
$config['password_login_exceptions'] = null;
// If the server is accessed via fqdn, replace localhost by the fqdn:
$config['password_hosts'] = array('127.0.0.1');
$config['password_force_save'] = true;

// SQL Driver options
$config['password_db_dsn'] = 'mysql://user:pass@localhost/maildb';

// SQL Update Query with encrypted password using random 8 character salt
$config['password_query'] = 'UPDATE users SET crypt=ENCRYPT(%p,CONCAT(_utf8\'$5$\',RIGHT(MD5(RAND()),8),_utf8\'$\')) WHERE id=%u LIMIT 1';

...

To use SHA-512 password hashes instead of SHA-256, set the $id$ to $6$ (see also man 3 crypt):

$config['password_query'] = 'UPDATE users SET crypt=ENCRYPT(%p,CONCAT(_utf8\'$6$\',RIGHT(MD5(RAND()),8),_utf8\'$\')) WHERE id=%u LIMIT 1';

See .../plugins/password/README and .../plugins/password/config.inc.php.dist for more info.

Assuming you will use the same mysql user for the password plugin to update the password, you have to GRANT SELECT and UPDATE privileges on the table 'users' in 'maildb' to the 'roundcube' mysql user:

# mysql -u root -p
mysql > GRANT SELECT,UPDATE ON maildb.users TO 'roundcube'@'localhost';
mysql > FLUSH PRIVILEGES;
mysql > quit
#

That's it. If you encounter problems, tail the roundcube error log:

# tail -f ../../logs/error

Related

How to make Varnish ignore, not delete cookies
How is LSI FastPath different from Software RAID?
Why is SPF being validated against my mail server's IP instead of sender's IP?
How to create a self-signed SSL certificate with subject alternate names (SAN) for IIS websites
Fixed and dynamic IPs in ISC DHPD lead to double lease
Duplicate incoming TCP traffic on Debian Squeeze
Perfmon: which counter identifies that threads are waiting?
LDAP and pam without binddn and anonymous access
Amavis / spamassassin setup, how to disable quarantine and get default spamassassin behavior back?
"ImportError: No module named flask" - Trouble with nginx + uWSGI + Flask in a virtualenv setup
Kernel Log "TCP: Treason uncloaked!"
Server sent passive reply with unroutable address. Using server address instead IIS 8.5