[Dovecot] Virtual User Home Directory, and APOP Clear Text Passwords

Timo Sirainen tss at iki.fi
Fri May 11 17:45:23 EEST 2007 

On Fri, 2007-05-11 at 12:22 +0800, imacat wrote:
> Dear all,
> 
>     Hi.  This is imacat from Taiwan.  I'm new to this list.
> 
>     I was migrating from Qpopper to Dovecot.  (Qpopper copies the
> mailbox when POP3 logged in, which causes quota problem.)  Generally
> Dovecot is nice.  However, I have a few questions:
> 
>      1. I have a few virtual users, and I'm not using IMAP.  Do I still
> have to give them a writable home directory?  I mean, they exists only
> for me to receive mails from fetchmail.  They really have nothing but
> their inbox.  But if I do not give them a writable home directory, I got
> this error in my syslog all the time:
> 
> mbox: Can't create root mail directory /home/homeless/mail: Permission denied

See the bottom of http://wiki.dovecot.org/MailLocation/Mbox

>      2. I would like to use APOP in addition to SSL/TLS.  Currently
> Dovecot saves APOP passwords as clear text.  I understand this.  But is
> it possible to have some sort of encoding, for example, Base64?  Just to
> prevent casual reads.  I have several users.  I do not want to know
> their passwords just to add them to the APOP database.  I do not want
> other roots to read my passwords, intended or not.
> 
>         Encoded passwords also have the advantage that I can use
> passwords that contain the colon sign ":".  It would be nice if
> something a little harder than Base64 can be used.

Currently there isn't anything like that. But I guess for v1.1 I could
finally make it possible to specify base64/hex encoding in the scheme,
so you could use eg. {plain.b64} or {plain.hex}.

If you really need this now you could also modify the sources yourself.
It should be pretty easy to add a new plain.b64 scheme to
src/auth/password-scheme.c (could also be implemented as a plugin)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070511/564c8e59/attachment.pgp

More information about the dovecot mailing list