[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
Hello,
Is this the proper place to suggest an enhancement for the stock dovecot package?
The enhancement would be the following:
For the time being, the dovecotpw utility offers a standardised way to interactively encode a user password in a certain scheme, say:
dovecotpw -s CRYPT
Enter new password:
Re-enter new password:
etc.
Given a *valid* /etc/imap.passwd file (passwd-file authentication), dovecotpw should be able to process it non-interactively and output another text file with all {PLAIN} passwords converted in the specified <scheme>, i.e.:
dovecotpw -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
where /etc/imap.passwd.converted has the previously {PLAIN} passwords converted in scheme CRYPT.
Passwords that were previously encrypted in other schemes than {PLAIN} should remain untouched.
That will allow quick securing of old legacy /etc/imap.passwd files.
Thanks a lot, Răzvan
On 02/03/2010 05:59 PM Răzvan Sandu wrote:
> Hello,
> Is this the proper place to suggest an enhancement for the stock dovecot package?
> The enhancement would be the following:
> For the time being, the dovecotpw utility offers a standardised way to interactively encode a user password in a certain scheme, say:
> dovecotpw -s CRYPT
> Enter new password:
> Re-enter new password:
> etc.
> Given a *valid* /etc/imap.passwd file (passwd-file authentication), dovecotpw should be able to process it non-interactively and output another text file with all {PLAIN} passwords converted in the specified <scheme>, i.e.:
> dovecotpw -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
> where /etc/imap.passwd.converted has the previously {PLAIN} passwords converted in scheme CRYPT.
> Passwords that were previously encrypted in other schemes than {PLAIN} should remain untouched.
> That will allow quick securing of old legacy /etc/imap.passwd files.
Get a fresh cup of coffee and start your favorite editor. Pseudo code:

    infile := /etc/imap.passwd
    outfile := /etc/imap.passwd.converted
    infilehandle := open(infile)
    outfilehandle := open(outfile)
    loop over lines from infilehandle
        when looks_like_plain(current_line)
            current_line := crypt_line(current_line)
        write_line(current_line, outfilehandle)
    write(outfilehandle)
    close(infilehandle)
    close(outfilehandle)

The function looks_like_plain splits the line at the colon and checks if the content of the n-th field is {PLAIN}. crypt_line takes the line, splits it, crypts the password and returns a line with a crypted password.
Or define crypt_line in such a way that it returns the line as it comes in if the password is crypted already; if the password is plain, do it as described above.
Regards, Pascal
The trapper recommends today: beeffeed.1003418@localdomain.org
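
The conversion sketched in the pseudo code above, as an added Python example that is not part of the original thread or of Dovecot. It assumes the password is the second colon-separated field, and it swaps in {SSHA256} (base64 of SHA-256(password + salt) followed by the salt) for CRYPT because Python's `crypt` module is gone from current releases; check that layout against the installed Dovecot version, or pass your own `hasher`. All function names are hypothetical.

```python
import base64
import hashlib
import os

PLAIN_PREFIX = "{PLAIN}"

# Constructed sample lines (not from the original thread).
SAMPLE = [
    "bob:{PLAIN}secret:1000:1000::/home/bob\n",
    "amy:{CRYPT}abcdefghijklm:1001:1001::/home/amy\n",
]


def ssha256(password: str) -> str:
    """Assumed {SSHA256} layout: base64(sha256(password + salt) + salt)."""
    salt = os.urandom(8)
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def convert_line(line: str, hasher=ssha256) -> str:
    """Hash the password field if it is {PLAIN}; return any other line unchanged."""
    body = line.rstrip("\r\n")
    if not body or body.startswith("#"):
        return line
    fields = body.split(":")
    if len(fields) < 2 or not fields[1].upper().startswith(PLAIN_PREFIX):
        return line  # already hashed in some scheme, or not a user entry
    fields[1] = hasher(fields[1][len(PLAIN_PREFIX):])
    return ":".join(fields) + line[len(body):]  # keep the original line ending


def convert_file(infile: str, outfile: str, hasher=ssha256) -> int:
    """Write a converted copy of infile to outfile; return the count of changed lines."""
    changed = 0
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps the result owner-only.
    fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with open(infile, encoding="utf-8") as src, \
            os.fdopen(fd, "w", encoding="utf-8") as dst:
        for line in src:
            new = convert_line(line, hasher)
            changed += new != line
            dst.write(new)
    return changed
```

Once logins have been tested against the converted file, the original with its plaintext passwords still has to be replaced or removed.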
participants (2)
- Pascal Volk
- Răzvan Sandu