8 Apr 2013, 12:32 a.m.
On 7.4.2013, at 14.30, dovecot.pkoch@dfgh.net wrote:
I'm writing a checkpassword script in order to support our OTP token as a fallback for client certificate authentication. Here are two questions:
- It seems to me that the username and the password will be delivered to my script both on file descriptor 3 and via the environment variables AUTH_USER and AUTH_PASSWORD. May I ignore file descriptor 3 and use the environment variables or may it happen that these variables will have different content from what is sent via fd 3?
Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but I guess it can stay there. Some 10 years ago that might not have been such a good idea since there were still some systems where process environment variables were readable to all users in the system, but I doubt there exist such systems anymore (at least where people would want to run Dovecot).
- There seems to be some undocumented interaction between dovecot and my script via file descriptor 4. Seems that whatever I write to fd 4 will show up in syslog (unless it contains newlines). Can I use this "feature" to send error messages from my script to dovecot? What data does dovecot expect on fd 4?
I'm not sure why that happens instead of a complete failure .. but you shouldn't be doing that. If you write to fd 2, it should also go to syslog, right? (If it doesn't, it's a bug.)
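The following is an added example, not part of the original message or of Dovecot: a sketch of a checkpassword script that takes the credentials from fd 3 rather than from the environment, sends diagnostics to fd 2 only, and leaves fd 4 alone. The `verify_otp` function and the log prefix are hypothetical placeholders; the exit codes 1, 2 and 111 follow the checkpassword interface convention.

```python
import os
import sys

MAX_INPUT = 512  # the checkpassword interface sends at most 512 bytes on fd 3


def read_credentials(fd=3):
    """Parse 'user\\0password\\0timestamp\\0' read from fd; return (user, password)."""
    data = b""
    while len(data) <= MAX_INPUT:
        chunk = os.read(fd, MAX_INPUT + 1 - len(data))
        if not chunk:
            break
        data += chunk
    fields = data.split(b"\0")
    # user and password must each be NUL-terminated; the timestamp may be empty
    if len(data) > MAX_INPUT or len(fields) < 3 or not fields[0]:
        raise ValueError("malformed checkpassword input")
    return fields[0].decode("utf-8"), fields[1].decode("utf-8")


def log(msg):
    # Diagnostics go to fd 2 (stderr) only; fd 4 is never written to.
    sys.stderr.write("otp-checkpassword: " + msg.replace("\n", " ") + "\n")


def authenticate(fd, verify):
    """Return the exit code: 0 accepted, 1 rejected, 111 temporary failure."""
    try:
        user, password = read_credentials(fd)
        ok = verify(user, password)
    except Exception as exc:
        # Log only the exception type so credentials cannot leak into syslog.
        log("temporary failure: %s" % type(exc).__name__)
        return 111
    if not ok:
        log("OTP rejected for %r" % user)
        return 1
    return 0


def verify_otp(user, otp):
    return False  # hypothetical placeholder: call the real OTP backend here


if __name__ == "__main__":
    code = authenticate(3, verify_otp)
    if code != 0 or len(sys.argv) < 2:
        sys.exit(code or 2)  # 2 = invoked without a program to run
    os.execv(sys.argv[1], sys.argv[1:])  # success: run the program given in argv
```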