[Dovecot] Log successful login plain text password

Marco Fretz marco.fretz at gmail.com
Wed Aug 28 10:14:03 EEST 2013


On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote:
> Hi Marco
>
> when running dovecot -a you will find
> auth_*
>
> I think you could use auth_verbose_passwords to fit your needs.

Thanks. I've already tried this, but it doesn't log the password on
successful logins, only when there is a password mismatch:

from the conf / manual:
"
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
#auth_verbose_passwords = no
"

any other ideas? :)

>
> all the best
>
>
>
>
> On 28.08.2013, at 08:57, Marco Fretz wrote:
>
>>
> Hi everyone,
>
> I want to use dovecot as an IMAP and POP3 proxy in front of our current
> E-Mail hosting server to log the plain text passwords of all successful
> logins for migration reasons. Actually I don't need to see the password
> in plain text, storing them as SHA256-CRYPT (or something dovecot can
> use later for auth) hash in a file or DB would be fine, too.
>
> I need this for the migration from the current mail server (using
> proprietary hashing to store passwords) to a new postfix / dovecot based
> mail system.
>
> I played around with "auth_debug_passwords" and all debug / logging
> options I found in the manual. Nothing logs successful login plaintext
> passwords.
>
> Any hint welcome.
>
> Thanks a lot,
> Marco
>
>>
>

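The manual text quoted in the message above says sha1 logging helps tell brute-force attempts apart from a user retrying one wrong password. The following is an added example, not part of the original post or of Dovecot: it groups mismatch log lines by user and source address and compares the logged hashes. The log line layout, the `classify` function and its threshold are assumptions; the sample lines are constructed.

```python
import hashlib
import re
from collections import defaultdict

def _line(user, ip, guess):
    # Constructed sample line; the layout is an assumed format for
    # auth_verbose_passwords = sha1, so adjust the regex to your own logs.
    digest = hashlib.sha1(guess.encode()).hexdigest()
    return (f"auth: Info: passwd-file({user},{ip}): Password mismatch "
            f"(SHA1 of given password: {digest})")

SAMPLE_LOG = "\n".join(
    [_line("alice", "203.0.113.5", g) for g in ("g1", "g2", "g3", "g4")]
    + [_line("bob", "198.51.100.7", "typo") for _ in range(3)]
    + [_line("carol", "192.0.2.9", "once")]
    + ["imap-login: Info: Login: user=<dave>, method=PLAIN"]  # not a mismatch
)

MISMATCH = re.compile(
    r"\((?P<user>[^,()]+),(?P<ip>[^,()]+)(?:,[^()]*)?\): Password mismatch "
    r"\(SHA1 of given password: (?P<sha1>[0-9a-f]+)\)"
)

def classify(log_text, distinct_threshold=3):
    """Label each (user, ip) pair from the hashes of its failed passwords."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            seen[(m["user"], m["ip"])].append(m["sha1"])
    report = {}
    for key, hashes in seen.items():
        distinct = len(set(hashes))
        if distinct >= distinct_threshold:
            verdict = "guessing"      # many different passwords tried
        elif len(hashes) > 1 and distinct == 1:
            verdict = "repeat"        # same wrong password over and over
        else:
            verdict = "inconclusive"  # too few failures to tell
        report[key] = {"attempts": len(hashes), "distinct": distinct,
                       "verdict": verdict}
    return report

if __name__ == "__main__":
    for (user, ip), info in classify(SAMPLE_LOG).items():
        print(user, ip, info)
```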


