[Dovecot] checkpassword memory limit
Hi. I am trying to authenticate dovecot from a wordpress database. I was thinking of using the checkpassword script to start a cli php script. That php script would then include the necessary wordpress functions, do the auth (find the wp username from user database using the email address, and authenticate with the user/pass), and return the result to the checkpassword script. I made the above scripts (the php script will be used to authenticate some other services too), and when I run them "by hand" (even with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the php runs out of memory. After a lot of debuging, I find out that when the dovecot starts the checkpassword script, it makes a 250kB memory limit. But it is not enough for the php script, it needs 14MB. I tried to put a "ulimit -v 16777216" into the checkpassword.sh, but it doesn't work.Is there some hardcoded limit in the dovecot itself? And if there is, could it be somehow changed?I am using a simple D ebian Wheezy LAMP, and installed everything from repo. Thanks for every idea.
Am 2014-06-05 19:33, schrieb a:
Hi. I am trying to authenticate dovecot from a wordpress database. I was thinking of using the checkpassword script to start a cli php script. That php script would then include the necessary wordpress functions, do the auth (find the wp username from user database using the email address, and authenticate with the user/pass), and return the result to the checkpassword script. I made the above scripts (the php script will be used to authenticate some other services too), and when I run them "by hand" (even with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the php runs out of memory. After a lot of debuging, I find out that when the dovecot starts the checkpassword script, it makes a 250kB memory limit. But it is not enough for the php script, it needs 14MB. I tried to put a "ulimit -v 16777216" into the checkpassword.sh, but it doesn't work.Is there some hardcoded limit in the dovecot itself? And if there is, could it be somehow changed?I am using a simple D ebian Wheezy LAMP, and installed everything from repo. Thanks for every idea.
The whole concept sounds quite error-prone. Can't you query the database directly?
-- Alex JOST
Unfortunately not. It uses the PHPass, which is more complicated than a simple hash (it uses salting and stretching, making it more secure against a brute-force attacks). Although the phpass is available as python or perl script, I want to use the wordpress' functions. Then it would be "future-proof", I mean if they change the password hashing process, it wouldn't broke the other services (i.e. dovecot): there is a function in wordpress, where I supply the hash and the cleartext password, and it returns a boolean value, of the hash being the password's hash.I am working now to use curl with post methods instead the php cli. Because it will use the web-server, I think there would be no memory problem. But it means also, that the auth php would be accessible from the internet, and I didn't like it so much. But hey, something for something :) I am not a programmer, so I can't "read" source codes. But if a programmer reads this, and have a spare few minutes, please be so kind to look at the dovecot's source code, and if finds out the memory limit of the checkpassword method (is it hard-coded, or it could be changed in the config), please drop a few lines. I would be grateful. Thanks.
Alex JOST <jost+lists@dimejo.at> írta:
Am 2014-06-05 19:33, schrieb a:
Hi. I am trying to authenticate dovecot from a wordpress database. I was thinking of using the checkpassword script to start a cli php script. That php script would then include the necessary wordpress functions, do the auth (find the wp username from user database using the email address, and authenticate with the user/pass), and return the result to the checkpassword script. I made the above scripts (the php script will be used to authenticate some other services too), and when I run them "by hand" (even with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the php runs out of memory. After a lot of debuging, I find out that when the dovecot starts the checkpassword script, it makes a 250kB memory limit. But it is not enough for the php script, it needs 14MB. I tried to put a "ulimit -v 16777216" into the checkpassword.sh, but it doesn't work.Is there some hardcoded limit in the dovecot itself? And if there is, could it be somehow changed?I am using a simple D ebian Wheezy LAMP, and installed everything from repo. Thanks for every idea.
The whole concept sounds quite error-prone. Can't you query the database directly?
-- Alex JOST
participants (2)
-
a
-
Alex JOST