Hey all,
It seems that dovecot does NOT call vchkpw properly when using vpopmail-style authentication, I can only guess that it reads the vpasswd{,.cdb} files directly. This is indicated by the syslog log for the mail facitily which reads:
Jun 30 16:51:30 [vpopmail] vchkpw-smtp: (PLAIN) login success blah@blah.com:24.17.153.137 Jun 30 17:16:25 [pop3-login] Login: blah@blah.com [24.17.153.137] Jun 30 17:47:42 [imap-login] Login: blah@blah.com [216.57.201.58]
pop3-login and imap-login are dovecot processes - vchkpw is never called or there would also be log entries for it. I've verified this with the vpopmail list, who agree that the problem lies within dovecot.
This might not be quite so annoying, but we are using vpopmail compiled with the --enable-learn-passwords option, which will populate the password files with cleartext versions of the passwords where they are missing. Because of dovecot not calling vchkpw, this doesn't work for POP3/IMAP logins, only SMTP (using qmail-smtpd). People don't send mail from every account they poll, and we need to get all of the passwords in cleartext form so that we can complete migration to a PostgreSQL password database which multiple applications will use to authenticate.
Are there plans to make dovecot use vchkpw in the normal checkpassword manner? If not, I'd like to request it. We will probably switch back to qmail-pop3d and bincimap for the time being to finish collecting passwords if we can't get a quick fix...I think we can do that without much impact.
Cheers,
Casey Allen Shobe | http://casey.shobe.info cshobe@seattleserver.com | cell 425-443-4653 AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com