[Dovecot] Accessing plain text password from memory

Stanislas SABATIER stan at email-prive.net
Fri Dec 13 17:00:24 EET 2013


Thanks for the info, I'll dig this option.

Regards,
Stan.

Le 13 déc. 2013 à 15:47, Timo Sirainen <tss at iki.fi> a écrit :

> On 13.12.2013, at 16.37, Stanislas SABATIER <s.sabatier at pobox.com> wrote:
> 
>> Is there a way to retrieve the client's password in plain text from memory ?
>> 
>> I don't store the password in plain text in my postgreSQL but I need it
>> when the client is connected to make crypto computation.
>> 
>> If I write a plugin to do the job, how could I retrieve the plain text
>> password from master ?
> 
> Assuming you you're using passdb sql and userdb prefetch and you want to access the password in imap/pop3/etc process, you can do:
> 
> password_query = '%w' as userdb_password, ...
> 
> Then the password will be available the same way as plugin { password } would be available (mail_user_plugin_getenv()).
> 
> You could also write a passdb plugin you could access the password directly from auth_request->mech_password.
> 



More information about the dovecot mailing list