[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file

[Pascal Volk]

On 02/03/2010 05:59 PM Răzvan Sandu wrote:
> Hello,
> 
> 
> Is this the proper place to suggest an enhancement for the stock dovecot 
> package ?
> 
> 
> The enhancement would be the following:
> 
> For the time being, the dovecotpw utility offers a standardised way to 
> interactively encode a user password in a certain scheme, say:
> 
> dovecotpw -s CRYPT
> Enter new passord:
> Re-enter new password:
> etc.
> 
> Given a *valid* /etc/imap.passwd file (passwd-file authentication), 
> dovecotpw should be able to process it non-interactively and output 
> another text file with all {PLAIN} passwords converted in the specified 
> <scheme>, i.e.:
> 
> dovecotpwd -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
> 
> where /etc/imap.passwd.converted have the previously {PLAIN} passwords 
> converted in scheme CRYPT.
> 
> Passwords that were previously encrypted in other schemes than {PLAIN} 
> shoud remain untouched.
> 
> That will allow quick securing of old legacy /etc/imap.passwd files.
> 


Get a fresh cup of coffee and start your favorite editor. Pseudo code

    infile := /etc/imap.passwd
    outfile := /etc/imap.passwd.converted

    infilehandle := open(infile)
    outfilehandle := (outfile)

    loop over lines from infilehandle
        when looks_like_plain(current_line)
            current_line := crypt_line(current_line)
        write_line(current_line, outfilehandle)

    write(outfilehandle)
    close(infilehandle)
    close(outfilehandle)

The function looks_like_plain splits the line at the colon and checks if
the content  n-the field is {PLAIN}.
crypt_line takes the line, splits it, crypts the password an returns a
line with a crypted password.

Or define crypt_line the way, it returns the line as it comes in, if the
password is crypted already, if the password is plain, do it as
described above.


Regards,
Pascal
-- 
The trapper recommends today: beeffeed.1003418 at localdomain.org