Hi,
On Thu, Oct 14, 2010 at 03:00:32PM +0100, Timo Sirainen wrote:
On Thu, 2010-10-14 at 09:55 +0100, Ed W wrote:
Is there any way to make Dovecot use the same username/password for database access as userdb and passdb queries? Specifying the password with -p doesn't seem like a good idea, so I'm wondering if it can be handled by Dovecot directly. If your risk is that the user compromises the login process and can see the login script
BTW. That's not enough. The login process is chrooted to a nearly empty directory and can't read anything. To read the post-login script the user would have to compromise the imap/pop3 process (which is more likely anyway, because they're more complex). But that could also be prevented by not giving that process read access to the script.
I think more problematic is that the -p password shows up in ps list. That can be avoided by placing the script to MySQL's config file. http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html
Sorry for not describing the problem clearly. Timo is spot on the problem I was trying to describe.
I was wondering if it would be possible to read the username/password from a Dovecot config file (like userdb/passdb/quota/expire) instead of using my.cnf.
Thanks!
-- Denny Lin
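
The option-file approach discussed in this thread, as an added example that is not part of the original messages or of Dovecot: a post-login helper that refuses to use a MySQL option file unless it is private, plus a check that flags command lines carrying an inline password. The path `/etc/dovecot/postlogin-mysql.cnf` and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. CNF path and function names are assumptions, not from the thread.
CNF="${CNF:-/etc/dovecot/postlogin-mysql.cnf}"

# Return 0 only if the option file is safe to hand to the mysql client:
# a regular file (not a symlink), no group/other permission bits,
# and a [client] section that actually carries a password entry.
cnf_is_safe() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f") || return 1
    case "$mode" in
        *00) ;;              # e.g. 600 or 400: owner-only access
        *)   return 1 ;;     # group or other can read, write or execute
    esac
    grep -q '^\[client\]' "$f" && grep -q '^password[[:space:]]*=' "$f"
}

# Return 0 if any argument would expose a password in the process list
# (-pVALUE or --password=VALUE), which is the problem raised above.
cmdline_leaks_password() {
    for arg in "$@"; do
        case "$arg" in
            --password=?*|-p?*) return 0 ;;
        esac
    done
    return 1
}

# Run one SQL statement with credentials taken from the option file only.
# --defaults-extra-file must be the first option given to the mysql client.
run_query() {
    if ! cnf_is_safe "$CNF"; then
        echo "refusing to use $CNF: missing, symlinked or not owner-only" >&2
        return 1
    fi
    mysql --defaults-extra-file="$CNF" -e "$1"
}
```

The option file would be created with mode 0600 and owned by the account that runs the post-login script, so the imap/pop3 process can be denied read access to it as suggested above.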