On Thu, 2010-10-14 at 09:55 +0100, Ed W wrote:
Is there any way to make Dovecot use the same username/password for database access as userdb and passdb queries? Specifying the password with -p doesn't seem like a good idea, so I'm wondering if it can be handled by Dovecot directly. If your risk is that the user compromises the login process and can see the login script
BTW, that's not enough. The login process is chrooted to a nearly empty directory and can't read anything. To read the post-login script the user would have to compromise the imap/pop3 process (which is more likely anyway, because they're more complex). But that could also be prevented by not giving that process read access to the script.
I think more problematic is that the -p password shows up in the ps list. That can be avoided by placing the script in MySQL's config file. http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html
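
An added example (not part of the original message and not Dovecot's own code) of keeping the MySQL password out of the process list: the credentials go into a client option file that only its owner can read, and the script passes that file to `mysql` instead of `-p`. The function names, the account name `dovecot_ro` and any paths or passwords used with it are constructed assumptions.

```shell
#!/bin/sh
# Added example: helper functions for a post-login script that queries MySQL.
# All names here (functions, the dovecot_ro account) are hypothetical.

# write_client_cnf FILE USER PASSWORD
# Create the option file with mode 0600 before the secret is written to it.
write_client_cnf() {
    cnf=$1 user=$2 pass=$3
    ( umask 077                 # new file gets no group/other bits
      rm -f "$cnf"              # a pre-existing file would keep its old mode
      printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$pass" > "$cnf" )
}

# cnf_is_private FILE
# Succeed only if FILE is a regular file with no group/other permission bits.
cnf_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group/other characters
    [ "$perms" = "------" ]
}

# argv_leaks_password ARGS...
# Succeed if an argument carries a password that ps would display.
argv_leaks_password() {
    for a in "$@"; do
        case $a in
            -p?*|--password=*) return 0 ;;
        esac
    done
    return 1
}

# run_query FILE SQL
# Refuse to run if the option file is readable by others.
# --defaults-extra-file has to be the first option given to mysql.
run_query() {
    cnf_is_private "$1" || { echo "refusing: $1 is not private" >&2; return 1; }
    mysql --defaults-extra-file="$1" --batch -e "$2"
}
```

With this layout `ps` shows only the path of the option file, so what remains to control is read access to that file for the imap/pop3 process.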