[Dovecot] Accessing plain text password from memory

Timo Sirainen tss at iki.fi
Fri Dec 13 16:47:23 EET 2013


On 13.12.2013, at 16.37, Stanislas SABATIER <s.sabatier at pobox.com> wrote:

> Is there a way to retrieve the client's password in plain text from memory ?
> 
> I don't store the password in plain text in my postgreSQL but I need it
> when the client is connected to make crypto computation.
> 
> If I write a plugin to do the job, how could I retrieve the plain text
> password from master ?

Assuming you you're using passdb sql and userdb prefetch and you want to access the password in imap/pop3/etc process, you can do:

password_query = '%w' as userdb_password, ...

Then the password will be available the same way as plugin { password } would be available (mail_user_plugin_getenv()).

You could also write a passdb plugin you could access the password directly from auth_request->mech_password.



More information about the dovecot mailing list