Quoting lst_ho...@kwsoft.de:

> Quoting Daryl Richards <da...@isletech.net>:
>
>> On 13-03-21 12:51 PM, lst_ho...@kwsoft.de wrote:
>>> by the move to Dovecot we try to alter the password encryption stored
>>> in the database from MD5 to CRYPT-SHA256 along the Guide at
>>> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. It's mostly
>>> working but I still have not found out how to pass the cleartext
>>> password to the re-encrypting script. According to the HowTo it should
>>> be enough to add "'%w' AS userdb_plain_pass" to the passdb query, to
>>> get an environment variable $PLAIN_PASS in the post-login script to
>>> pass along. This does not work, e.g. PLAIN_PASS is always empty.
>>> This is Dovecot 2.0.19 from Ubuntu 12.04 LTS.
>>
>> It seems to depend on how you are doing your userdb, not passdb. I use
>> a static userdb, so I have:
>>
>> userdb {
>>   args = uid=xx gid=xx home=/xx/xx/%d/%n plain_pass=%w
>>   driver = static
>> }
>>
>> --
>> Daryl Richards
>> Isle Technical Services Inc.
>
> Will try that, thanks.
>
> Andreas

Hm, no. Same result. The username works fine but the plaintext password is not available, e.g. $PLAIN_PASS is always empty when invoking the script.

Settings from 10-master.conf:

service imap {
  # TEMP for password hashes
  executable = imap imap-postlogin
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = 256M

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
  process_limit = 100
}

service imap-postlogin {
  executable = script-login /etc/dovecot/convert.sh
  # user = $default_internal_user
  unix_listener imap-postlogin {
  }
}

from 10-auth.conf:

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
  driver = static
  args = uid=dovemail gid=dovemail home=/var/dovecot/home/%n mail=sdbox:/var/dovecot/mail/%n:LAYOUT=fs plainpass=%w
}

and the script invoked:

#!/bin/sh
echo $USER >> /etc/dovecot/test.log
echo $PLAINPASS >> /etc/dovecot/test.log
echo $HOME >> /etc/dovecot/test.log
/etc/dovecot/pwd-sha.php $USER $PLAINPASS
exec "$@"

The test with echo variable to file shows that $PLAINPASS is always missing while the others are there as expected.

Can anyone confirm that it actually works this way??

Regards

Andreas
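The debug script in the message above appends the plaintext password to test.log and passes it to the helper as a command-line argument, where other local users can read it from the process list. As an added example (not part of the original post and not Dovecot's own code), the same diagnostics and hand-off can be written so the value is never logged and reaches the helper on stdin. The variable name PLAINPASS is taken from the post; the log path and rehash_helper are hypothetical stand-ins.

```shell
#!/bin/sh
# Added example: post-login diagnostics and helper hand-off that do not
# expose the plaintext password. LOG and rehash_helper are hypothetical.

LOG="${LOG:-/tmp/convert-debug.log}"

# Stand-in for the re-hashing helper: reads the password as one line on
# stdin and takes only the user name as an argument.
rehash_helper() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    printf 'rehash user=%s bytes=%s\n' "$1" "${#pw}"
}

# Record whether a variable is set and how long it is, never its value.
log_presence() {
    name=$1
    eval "val=\${$name-}"
    if [ -n "$val" ]; then
        printf '%s=set len=%s\n' "$name" "${#val}" >> "$LOG"
    else
        printf '%s=EMPTY\n' "$name" >> "$LOG"
    fi
}

postlogin() {
    umask 077                      # any file created here is owner-only
    log_presence USER
    log_presence PLAINPASS
    if [ -z "${PLAINPASS-}" ]; then
        return 2                   # the failure mode from the post
    fi
    # printf is a builtin in bash and dash, so the value is in no argv.
    printf '%s\n' "$PLAINPASS" | rehash_helper "$USER" >> "$LOG"
    unset PLAINPASS                # keep it out of the exec'ed process
}

# In a real post-login script this would be followed by: exec "$@"
```

A return status of 2 together with `PLAINPASS=EMPTY` in the log reproduces the symptom described in the post without any password ever being written to disk.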