Re: [Dovecot] Migrating password scheme

Thu, 21 Mar 2013 13:29:43 -0700 


Zitat von lst_ho...@kwsoft.de:


Zitat von Daryl Richards <da...@isletech.net>:


On 13-03-21 12:51 PM, lst_ho...@kwsoft.de wrote:
by the move to Dovecot we try to alter the password encryption stored in the database from MD5 to CRYPT-SHA256 along the Guide at http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. It's mostly working but i still have not found out how to pass the cleartext password to the re-encrypting script. According to the HowTo it should be enough to add "'%w' AS userdb_plain_pass" to the passdb query, to get a environment variable $PLAIN_PASS in the post-login script to pass along. This does not work eg. PLAIN_PASS is always empty. This is Dovecot 2.0.19 from Ubuntu 12.04 LTS. 
It seems to depends on how you are doing your userdb, not passdb..

I use a static userdb, so I have:

userdb {
 args = uid=xx gid=xx home=/xx/xx/%d/%n plain_pass=%w
 driver = static
}


--
Daryl Richards
Isle Technical Services Inc.


Will try that, thanks.

Andreas
Hm, no. Same result. The username works fine but the plaintext password is not available eg. $PLAIN_PASS is always empty when invoking the script. 

Settings from 10-master.conf:

service imap {
  # TEMP fuer Password Hashes
  executable = imap imap-postlogin
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = 256M

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
  process_limit = 100
}

service imap-postlogin {
  executable = script-login /etc/dovecot/convert.sh
#  user = $default_internal_user
  unix_listener imap-postlogin {
  }
}


from 10-auth.conf:

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
  driver = static
args = uid=dovemail gid=dovemail home=/var/dovecot/home/%n mail=sdbox:/var/dovecot/mail/%n:LAYOUT=fs plainpass=%w 
}

and the script invoked:

 #!/bin/sh
echo $USER >> /etc/dovecot/test.log
echo $PLAINPASS >> /etc/dovecot/test.log
echo $HOME >> /etc/dovecot/test.log

/etc/dovecot/pwd-sha.php $USER $PLAINPASS
exec "$@"
The test with echo variable to file show that $PLAINPASS is always missing whil the others are there as expected. 

Can anyone confirm that it actually works this way??

Regards

Andreas

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to