On 7.4.2013, at 14.30, dovecot.pk...@dfgh.net wrote:

> I'm writing a checkpassword script in order to support our OTP token
> as a fallback for client certificate authentication. Here are two
> questions:
>
> 1) It seems to me that the username and the password will be
> delivered to my script both on file descriptor 3 and via the
> environment variables AUTH_USER and AUTH_PASSWORD.
> May I ignore file descriptor 3 and use the environment variables
> or may it happen that these variables will have different content
> from what is sent via fd 3?

Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but I guess it can stay there. Some 10 years ago that might not have been such a good idea since there were still some systems where process environment variables were readable to all users in the system, but I doubt there exist such systems anymore (at least where people would want to run Dovecot).

> 2) There seems to be some undocumented interaction between
> dovecot and my script via file descriptor 4. Seems that whatever
> I write to fd 4 will show up in syslog (unless it contains newlines).
> Can I use this "feature" to send error messages from my script
> to dovecot? What data does dovecot expect on fd 4?

I'm not sure why that happens instead of a complete failure .. but you shouldn't be doing that. If you write to fd 2, it should also go to syslog, right? (If it doesn't, it's a bug.)
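
A sketch of the fd 3 and fd 2 handling discussed in this thread, added here as an example; it is not code from either poster or from Dovecot. It assumes the classic checkpassword input layout (`user\0password\0timestamp\0`, at most 512 bytes) and its exit codes 1, 2 and 111; the `expected_otp` lookup and the sample token value are constructed for illustration.

```python
import hmac
import os
import sys

MAX_INPUT = 512  # checkpassword interface: at most 512 bytes on fd 3
EXIT_OK, EXIT_BAD_PASSWORD, EXIT_MISUSE, EXIT_TEMPFAIL = 0, 1, 2, 111


def parse_fd3(buf: bytes):
    """Split b'user\\0password\\0timestamp\\0' into (user, password)."""
    if len(buf) > MAX_INPUT:
        raise ValueError("more than 512 bytes on fd 3")
    fields = buf.split(b"\0")
    # Two NUL-terminated fields produce at least three pieces after split.
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed input on fd 3")
    return fields[0].decode("utf-8"), fields[1]


def check(fd, expected_otp, log=sys.stderr):
    """Read credentials from fd, compare the OTP, return an exit code.

    expected_otp is a hypothetical callback: user -> bytes or None.
    """
    with os.fdopen(fd, "rb") as f:
        buf = f.read(MAX_INPUT + 1)
    try:
        user, password = parse_fd3(buf)
    except (ValueError, UnicodeDecodeError) as exc:
        print(f"checkpassword: {exc}", file=log)  # diagnostics go to stderr only
        return EXIT_MISUSE
    want = expected_otp(user)
    # Compare in constant time, also for unknown users; never log the password.
    ok = hmac.compare_digest(password, want if want is not None else b"")
    if want is None or not ok:
        print(f"checkpassword: OTP rejected for {user!r}", file=log)
        return EXIT_BAD_PASSWORD
    return EXIT_OK


if __name__ == "__main__":
    CONSTRUCTED = {"alice": b"492871"}  # constructed sample, not a real token store
    rc = check(3, CONSTRUCTED.get)
    if rc == EXIT_OK and len(sys.argv) > 1:
        os.execvp(sys.argv[1], sys.argv[1:])  # hand over to the program given as argv[1]
    sys.exit(rc)
```

The user name is logged with `!r` so that embedded newlines or control characters cannot split or forge log lines.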