[Dovecot] Migrating password scheme

[Joseph Tam]

Andreas wrote:

> > I tried the userdb prefetch / postlogin script method to do some password
> > manipulation, but it doesn't appear to work for me.  In particular, I
> > don't think this method works with
> >
> > 	userdb {
> > 		driver = passwd-file
> > 		args = /path/to/passwd-file userdb_pw=%w
> > 	}
> >
> 
> From what i understand you have to set a userdb_<something> variable 
> with passdb and userdb prefetch set. The %w variable seems to be 
> already empty (again?) at userdb stage.

Did all of that.  The problem is not prefetching, but that you can't pass
arguments via the args=....  Dovecot parses the entire line as a password
file pathname.

Timo Sirainen definitively writes:

> With v2.1 try:
> 
> userdb {
>   driver = passwd-file
>   args = /path/to/passwd-file
>   default_fields = pw=%w
> }

Thanks, Timo.  This works beautifully.  Furthermore, it doesn't need
the userdb prefetch.  Summarizing, the minimal incantation for passing
dovecot variables to the post-login script is

 	userdb {
 		driver = passwd-file
 		args = /var/dovecot/test/passwd
 		default_fields = pw=%w
 	}

 	service imap {
 		executable = imap postlogin
 		...
 	}

 	service pop3 {
 		executable = imap postlogin
 		...
 	}

 	service postlogin {
 		executable = script-login /path/to/postlogin-exec
 		# Careful -- defaults to root
 		user = $default_internal_user
 		unix_listener postlogin {
 		}
 	}

I've updated the Dovecot2 wiki, but I am unsure which userdb's
"default_fields" applies to, and whether it just applies to postlogin
scripts, so I documented it at

 	http://wiki2.dovecot.org/AuthDatabase/PasswdFile

Joseph Tam <jtam.home at gmail.com>