
Question New password hashing option for email accounts

TorbHo

Regular Pleskian
Server operating system version
Ubuntu 24
Plesk version and microupdate number
18.0.72
Hi everyone,

I just read in the Plesk changelog for 18.0.72:

(Plesk for Linux) You now have the option to use hashing for email-account passwords instead of symmetric encryption. This option is enabled by default. To disable password hashing and re-enable symmetric encryption, add the following lines to the panel.ini file:

[passwordManagement]
features.allowAdminAliasPasswordHashing = false

My understanding is the following:
  • Hashing is now the default setting.
  • This applies not only to new installations, but also to existing ones after updating Plesk.
  • Newly set passwords will be hashed, while existing passwords remain symmetrically encrypted until they are changed.
  • If I add the lines above to panel.ini, Plesk will revert to the old behavior (symmetric encryption).
Did I get this right?

Will existing email account passwords be automatically re-saved as hashes after the update, or only when the user/admin actively changes the password?

Thanks in advance for clarifying!
 
Great question!

I'd like to add: Does this mean that in the future the "plesk sbin mail_auth_view" will become obsolete?
 
Hello,

The RN entry is a bit misleading, we will update it. Regarding the questions:

> Hashing is now the default setting.
> This applies not only to new installations, but also to existing ones after updating Plesk.

No, it is not the default yet. You need to go to Tools & Settings -> Security policy and explicitly select Hashing in the Storing email passwords section. Or you can use the plesk bin server_pref CLI utility with the email-password-hashing parameter. Symmetric encryption is still the default for new and upgraded installations.

> Newly set passwords will be hashed, while existing passwords remain symmetrically encrypted until they are changed.

Yes. If you need to hash an existing password, you can use the instructions from the KB article.

> If I add the lines above to panel.ini, Plesk will revert to the old behavior (symmetric encryption).

No, the panel.ini setting `passwordManagement.features.allowEmailPasswordHashing` only affects the visibility of the feature. If it is set to false, the appropriate section will disappear in Tools & Settings -> Security policy and in plesk bin server_pref.

> Does this mean, that in the future the "plesk sbin mail_auth_view" will become obsolete.

As hashed passwords cannot be decrypted, mail_auth_view will be unable to show the plain password.
 