[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
Pascal Volk
user+dovecot at localhost.localdomain.org
Wed Feb 3 19:33:58 EET 2010
On 02/03/2010 05:59 PM Răzvan Sandu wrote:
> Hello,
>
>
> Is this the proper place to suggest an enhancement for the stock dovecot
> package ?
>
>
> The enhancement would be the following:
>
> For the time being, the dovecotpw utility offers a standardised way to
> interactively encode a user password in a certain scheme, say:
>
> dovecotpw -s CRYPT
> Enter new passord:
> Re-enter new password:
> etc.
>
> Given a *valid* /etc/imap.passwd file (passwd-file authentication),
> dovecotpw should be able to process it non-interactively and output
> another text file with all {PLAIN} passwords converted in the specified
> <scheme>, i.e.:
>
> dovecotpwd -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
>
> where /etc/imap.passwd.converted have the previously {PLAIN} passwords
> converted in scheme CRYPT.
>
> Passwords that were previously encrypted in other schemes than {PLAIN}
> shoud remain untouched.
>
> That will allow quick securing of old legacy /etc/imap.passwd files.
>
Get a fresh cup of coffee and start your favorite editor. Pseudo code
infile := /etc/imap.passwd
outfile := /etc/imap.passwd.converted
infilehandle := open(infile)
outfilehandle := (outfile)
loop over lines from infilehandle
when looks_like_plain(current_line)
current_line := crypt_line(current_line)
write_line(current_line, outfilehandle)
write(outfilehandle)
close(infilehandle)
close(outfilehandle)
The function looks_like_plain splits the line at the colon and checks if
the content n-the field is {PLAIN}.
crypt_line takes the line, splits it, crypts the password an returns a
line with a crypted password.
Or define crypt_line the way, it returns the line as it comes in, if the
password is crypted already, if the password is plain, do it as
described above.
Regards,
Pascal
--
The trapper recommends today: beeffeed.1003418 at localdomain.org
More information about the dovecot
mailing list