[Dovecot] Last login tracking with login_executable

Timo Sirainen tss at iki.fi
Thu Oct 14 17:00:32 EEST 2010


On Thu, 2010-10-14 at 09:55 +0100, Ed W wrote:

> > Is there any way to make Dovecot use the same username/password for
> > database access as userdb and passdb queries? Specifying the password
> > with -p doesn't seem like a good idea, so I'm wondering if it can be
> > handled by Dovecot directly.
> If your risk is that the user compromises the login process and can see 
> the login script 

BTW. That's not enough. The login process is chrooted to a nearly empty
directory and can't read anything. To read the post-login script the
user would have to compromise the imap/pop3 process (which is more likely
anyway, because they're more complex). But that could also be prevented
by not giving that process read access to the script.

I think more problematic is that the -p password shows up in the ps list.
That can be avoided by placing the script in MySQL's config file.
http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html
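
The option-file approach from the linked MySQL documentation, applied to a last-login update, as an added example that is not part of the original message. The database name `mail`, the table `last_login` with its columns, the function names and the option-file path are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The database "mail", table "last_login", its columns and the
# account name are assumptions; the password is a constructed sample value.

# Create a [client] option file that only its owner can read.
# The password must not contain '"' or '\' (they are not escaped here).
write_option_file() {  # $1 = path, $2 = MySQL user, $3 = password
    (
        umask 077
        rm -f "$1"
        printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1"
    )
}

# Succeed only for a regular file with no group or other permission bits.
option_file_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# The login name ends up inside an SQL string literal, so allow only a
# conservative character set and reject everything else.
valid_username() {
    case "$1" in
        '' | *[!A-Za-z0-9@._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Record the login. The password never appears in argv, so ps cannot show it.
# --defaults-extra-file has to be the first option on the mysql command line.
record_last_login() {  # $1 = option file, $2 = login name
    option_file_is_private "$1" || return 1
    valid_username "$2" || return 1
    mysql --defaults-extra-file="$1" \
        -e "UPDATE last_login SET ts = NOW() WHERE username = '$2'" mail
}
```

The option file should be owned by the account the post-login script runs as, so that no other local user can read it.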



