[Dovecot] Last login tracking with login_executable
dennylin93 at hs.ntnu.edu.tw
Thu Oct 14 17:04:37 EEST 2010
On Thu, Oct 14, 2010 at 03:00:32PM +0100, Timo Sirainen wrote:
> On Thu, 2010-10-14 at 09:55 +0100, Ed W wrote:
> > > Is there any way to make Dovecot use the same username/password for
> > > database access as userdb and passdb queries? Specifying the password
> > > with -p doesn't seem like a good idea, so I'm wondering if it can be
> > > handled by Dovecot directly.
> > If your risk is that the user compromises the login process and can see
> > the login script
> BTW. That's not enough. The login process is chrooted to nearly empty
> directory and can't read anything. To read the post-login script the
> user would have to compromise imap/pop3 process (which is more likely
> anyway, because they're more complex). But that could also be prevented
> by not giving that process read access to the script.
> I think more problematic is that the -p password shows up in ps list.
> That can be avoided by placing the script to MySQL's config file.
Sorry for not describing the problem clearly. Timo is spot on the
problem I was trying to describe.
I was wondering if it would be possible to read the username/password
from a Dovecot config file (like userdb/passdb/quota/expire) instead of
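The approach raised in the quoted reply, keeping the password out of the `ps` listing by reading it from a MySQL option file instead of passing `-p`, sketched as a post-login script. This is an added example, not part of the original thread and not Dovecot's own code. The option file path, the database `mail`, the table `users` and the column `last_login` are hypothetical, and the script assumes the username is available in `$USER`.

```shell
#!/bin/sh
# Added example: post-login script that records the last login without putting
# the MySQL password on the command line. Paths and schema names are hypothetical.

# Hypothetical option file, owned by the script's user, mode 0600, containing:
#   [client]
#   user=dovecot
#   password=<secret>
CRED_FILE="${CRED_FILE:-/etc/dovecot/lastlogin.my.cnf}"

# Succeeds only for a regular file with no group/other permission bits set.
# A symlink fails the check, since ls -ld reports the link's own mode.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group+other mode characters
    [ "$perms" = "------" ]
}

# Accept only characters expected in a mail username, so the value cannot
# break out of the quoted SQL string literal below.
username_is_safe() {
    case "$1" in
        ''|*[!A-Za-z0-9@._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

record_last_login() {
    cred_file_is_private "$CRED_FILE" || {
        echo "refusing $CRED_FILE: missing or accessible by group/other" >&2
        return 1
    }
    username_is_safe "$USER" || { echo "refusing unusual username" >&2; return 1; }
    # --defaults-extra-file has to be the first option. No -p is passed, so the
    # password never appears in the process list.
    mysql --defaults-extra-file="$CRED_FILE" mail \
        -e "UPDATE users SET last_login = NOW() WHERE username = '$USER'"
}

# A post-login script is invoked with the next command as its arguments.
# Design choice in this example: a tracking failure does not block the login.
if [ "$#" -gt 0 ]; then
    record_last_login || true
    exec "$@"
fi
```
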