Hello,

"doveadm auth user password" may be scripted without a glitch. But this comes with the usual problem of a "ps" command showing the password, which may be especially annoying in case of a single-letter typo: the almost correct password is then visible for about two seconds...

Clearing the password argument (zeroing it) in doveadm-auth.c, in the hope of reducing the window during which the password may be caught, didn't prove successful.

"doveadm auth user" could be an alternative, but it imperatively requires a tty, which may not always be easily or efficiently available in a scripting environment.

I thus ended up with this very quick and dirty hack (I guess this should be named that way):

--- askpass.original.c 2010-05-31 18:36:52.000000000 +0200 +++ askpass.c 2010-11-27 19:12:03.000000000 +0100 @@ -16,8 +16,24 @@ char ch; int fd; + // A very crude attempt... this supposes that STDIN not being a tty + // may never happen outside of "doveadm auth", and that STDIN will + // always be clean. + //if (!isatty(STDIN_FILENO)) + // i_fatal("stdin isn't a TTY"); if (!isatty(STDIN_FILENO)) - i_fatal("stdin isn't a TTY"); + { + pos = 0; + while (read(STDIN_FILENO, &ch, 1) > 0) { + if (pos >= buf_size-1) + break; + if (ch == '\n' || ch == '\r') + break; + buf[pos++] = ch; + } + buf[pos] = '\0'; + return; + } fputs(prompt, stderr); fflush(stderr);

but this for sure must overlook a lot of things.

What would be the best way to achieve a scriptable "doveadm auth", say through php's proc_open(), without possibly compromising passwords?

TIA,
Axel
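
Review bot: in the new non-tty branch, `while (read(STDIN_FILENO, &ch, 1) > 0)` treats a read error (-1, including EINTR) the same as end of input, so the function can return an empty or partial password with no diagnostic; check for a negative return separately, retry on EINTR, and call i_fatal() on other errors or when nothing was read. The `pos >= buf_size-1` break also truncates an overlong line silently, which is better rejected than passed on. Because the branch replaces the isatty() check for every caller of this function, as the added comment itself admits, it would be safer to make reading from stdin an explicit opt-in by the caller rather than a fallback, and to drop the commented-out old check instead of leaving it next to the live one.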
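
For the non-tty case raised in this message, here is an added example (not part of the original post and not Dovecot code) of reading one password line from a pipe while handling read errors, empty input and overlong input. The names `read_secret_line` and `demo_via_pipe` are hypothetical, and the sample input is constructed.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not Dovecot code: read one line from fd into buf.
 * Returns its length, or -1 on I/O error, empty or overlong input;
 * buf is wiped on every failure path. */
static long read_secret_line(int fd, char *buf, size_t buf_size)
{
	volatile char *wipe = buf;
	size_t pos = 0, i;
	ssize_t ret;
	char ch = 0;

	while (buf_size > 0) {
		ret = read(fd, &ch, 1);
		if (ret < 0 && errno == EINTR)
			continue;	/* interrupted by a signal: retry */
		if (ret < 0)
			break;		/* real I/O error */
		if (ret == 0 || ch == '\n' || ch == '\r') {
			if (pos == 0)
				break;	/* EOF or blank line: no secret */
			buf[pos] = '\0';
			return (long)pos;
		}
		if (pos >= buf_size - 1)
			break;		/* overlong: refuse, never truncate */
		buf[pos++] = ch;
	}
	for (i = 0; i < buf_size; i++)
		wipe[i] = 0;		/* volatile stores are not elided */
	return -1;
}

/* Constructed demo: feed input through a pipe, as a parent script would. */
static long demo_via_pipe(const char *input, char *out, size_t out_size)
{
	int p[2], ok;
	long n;

	if (pipe(p) != 0)
		return -1;
	ok = write(p[1], input, strlen(input)) >= 0;
	close(p[1]);
	n = ok ? read_secret_line(p[0], out, out_size) : -1;
	close(p[0]);
	return n;
}

int main(void)
{
	char buf[64];
	return demo_via_pipe("constructed-pw\nrest", buf, sizeof(buf)) == 14 ? 0 : 1;
}
```

Feeding the secret over a pipe keeps it out of the process argument list, which is what "ps" displays.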