[Dovecot] Dovecot doesn't use vchkpw properly :(
Hey all,
It seems that dovecot does NOT call vchkpw properly when using vpopmail-style authentication, I can only guess that it reads the vpasswd{,.cdb} files directly. This is indicated by the syslog log for the mail facility which reads:
Jun 30 16:51:30 [vpopmail] vchkpw-smtp: (PLAIN) login success blah@blah.com:24.17.153.137
Jun 30 17:16:25 [pop3-login] Login: blah@blah.com [24.17.153.137]
Jun 30 17:47:42 [imap-login] Login: blah@blah.com [216.57.201.58]
pop3-login and imap-login are dovecot processes - vchkpw is never called or there would also be log entries for it. I've verified this with the vpopmail list, who agree that the problem lies within dovecot.
This might not be quite so annoying, but we are using vpopmail compiled with the --enable-learn-passwords option, which will populate the password files with cleartext versions of the passwords where they are missing. Because of dovecot not calling vchkpw, this doesn't work for POP3/IMAP logins, only SMTP (using qmail-smtpd). People don't send mail from every account they poll, and we need to get all of the passwords in cleartext form so that we can complete migration to a PostgreSQL password database which multiple applications will use to authenticate.
Are there plans to make dovecot use vchkpw in the normal checkpassword manner? If not, I'd like to request it. We will probably switch back to qmail-pop3d and bincimap for the time being to finish collecting passwords if we can't get a quick fix...I think we can do that without much impact.
Cheers,
Casey Allen Shobe | http://casey.shobe.info
cshobe@seattleserver.com | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
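Added example, not part of the original message and not code from Dovecot or vpopmail: a Python script that reads syslog lines in the two formats quoted in the message above and lists the accounts that logged in through pop3-login or imap-login but have no vchkpw success line. The fourth log line, the account other@example.org and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first three lines follow the excerpt in the message,
# the fourth is an invented account that only ever polls over IMAP.
SAMPLE_LOG = """\
Jun 30 16:51:30 [vpopmail] vchkpw-smtp: (PLAIN) login success blah@blah.com:24.17.153.137
Jun 30 17:16:25 [pop3-login] Login: blah@blah.com [24.17.153.137]
Jun 30 17:47:42 [imap-login] Login: blah@blah.com [216.57.201.58]
Jun 30 18:02:10 [imap-login] Login: other@example.org [192.0.2.10]
"""

# vchkpw success line: service suffix, auth mechanism, account:client-ip
VCHKPW = re.compile(
    r"\[vpopmail\] vchkpw-(\w+): \(\w+\) login success (\S+?):([\d.]+)$")
# Dovecot login process line: protocol, account, [client-ip]
DOVECOT = re.compile(r"\[(pop3|imap)-login\] Login: (\S+) \[([\d.]+)\]$")


def logins_by_path(log_text):
    """Map each account to the set of auth paths that logged a success."""
    paths = defaultdict(set)
    for line in log_text.splitlines():
        m = VCHKPW.search(line)
        if m:
            paths[m.group(2).lower()].add("vchkpw-" + m.group(1))
            continue
        m = DOVECOT.search(line)
        if m:
            paths[m.group(2).lower()].add("dovecot-" + m.group(1))
    return dict(paths)


def never_via_vchkpw(log_text):
    """Accounts seen on a Dovecot login process but never on vchkpw."""
    return sorted(
        account
        for account, seen in logins_by_path(log_text).items()
        if not any(path.startswith("vchkpw-") for path in seen)
    )


if __name__ == "__main__":
    for account in never_via_vchkpw(SAMPLE_LOG):
        print(account)
```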
On 30.6.2005, at 20:49, Casey Allen Shobe wrote:
> It seems that dovecot does NOT call vchkpw properly when using vpopmail-style authentication, I can only guess that it reads the vpasswd{,.cdb} files directly.
Right. It uses vpopmail's library directly.
> Are there plans to make dovecot use vchkpw in the normal checkpassword manner? If not, I'd like to request it.
1.0-test releases support the checkpassword interface directly.
On Thursday 30 June 2005 21:08, Timo Sirainen wrote:
> On 30.6.2005, at 20:49, Casey Allen Shobe wrote:
>> It seems that dovecot does NOT call vchkpw properly when using vpopmail-style authentication, I can only guess that it reads the vpasswd{,.cdb} files directly.
> Right. It uses vpopmail's library directly.
Will it continue to work when we change to using PostgreSQL support in vpopmail to store the usernames and passwords in a database?
Cheers,
Casey Allen Shobe | http://casey.shobe.info
cshobe@seattleserver.com | cell 425-443-4653
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
On 1.7.2005, at 02:23, Casey Allen Shobe wrote:
> On Thursday 30 June 2005 21:08, Timo Sirainen wrote:
>> On 30.6.2005, at 20:49, Casey Allen Shobe wrote:
>>> It seems that dovecot does NOT call vchkpw properly when using vpopmail-style authentication, I can only guess that it reads the vpasswd{,.cdb} files directly.
>> Right. It uses vpopmail's library directly.
> Will it continue to work when we change to using PostgreSQL support in vpopmail to store the usernames and passwords in a database?
Yes. vchkpw also uses the same library to access the passwords. It just does a bit more than what Dovecot does (the password saving).
participants (2)
- Casey Allen Shobe
- Timo Sirainen