Zitat von lst_hoe02@kwsoft.de:

Zitat von Daryl Richards <daryl@isletech.net>:

...

On 13-03-21 12:51 PM, lst_hoe02@kwsoft.de wrote:

...

by the move to Dovecot we try to alter the password encryption
stored in the database from MD5 to CRYPT-SHA256 along the Guide at
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. It's mostly
working but i still have not found out how to pass the cleartext
password to the re-encrypting script. According to the HowTo it
should be enough to add "'%w' AS userdb_plain_pass" to the passdb
query, to get a environment variable $PLAIN_PASS in the post-login
script to pass along. This does not work eg. PLAIN_PASS is always empty. This is Dovecot
2.0.19 from Ubuntu 12.04 LTS. It seems to depends on how you are doing your userdb, not passdb..

I use a static userdb, so I have:

userdb { args = uid=xx gid=xx home=/xx/xx/%d/%n plain_pass=%w driver = static }

-- Daryl Richards Isle Technical Services Inc.

Will try that, thanks.

Andreas

Hm, no. Same result. The username works fine but the plaintext
password is not available eg. $PLAIN_PASS is always empty when
invoking the script.

Settings from 10-master.conf:

service imap {

TEMP fuer Password Hashes

executable = imap imap-postlogin

Most of the memory goes to mmap()ing files. You may need to increase this

limit if you have huge mailboxes.

#vsz_limit = 256M

Max. number of IMAP processes (connections)

#process_limit = 1024 process_limit = 100 }

service imap-postlogin { executable = script-login /etc/dovecot/convert.sh

user = $default_internal_user

unix_listener imap-postlogin { } }

from 10-auth.conf:

passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext }

userdb { driver = static args = uid=dovemail gid=dovemail home=/var/dovecot/home/%n
mail=sdbox:/var/dovecot/mail/%n:LAYOUT=fs plainpass=%w }

and the script invoked:

#!/bin/sh echo $USER >> /etc/dovecot/test.log echo $PLAINPASS >> /etc/dovecot/test.log echo $HOME >> /etc/dovecot/test.log

/etc/dovecot/pwd-sha.php $USER $PLAINPASS exec "$@"

The test with echo variable to file show that $PLAINPASS is always
missing whil the others are there as expected.

Can anyone confirm that it actually works this way??

Regards

Andreas

Zitat von Daryl Richards <daryl@isletech.net>:

On 13-03-21 4:29 PM, lst_hoe02@kwsoft.de wrote:

...

userdb { driver = static args = uid=dovemail gid=dovemail home=/var/dovecot/home/%n
mail=sdbox:/var/dovecot/mail/%n:LAYOUT=fs plainpass=%w }

and the script invoked:

#!/bin/sh echo $USER >> /etc/dovecot/test.log echo $PLAINPASS >> /etc/dovecot/test.log echo $HOME >> /etc/dovecot/test.log I can confirm it works... The variable is actually plain_pass, and
$PLAIN_PASS, with the underscore.

If have first used also plain_pass without success. The plainpass was
used as test to see if there is some problem with the "_". What
Dovecot version do you use?

Regards

Andreas

Zitat von Timo Sirainen <tss@iki.fi>:

On 21.3.2013, at 18.51, lst_hoe02@kwsoft.de wrote:

...

Hello,

by the move to Dovecot we try to alter the password encryption
stored in the database from MD5 to CRYPT-SHA256 along the Guide at
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. It's mostly
working but i still have not found out how to pass the cleartext
password to the re-encrypting script. According to the HowTo it
should be enough to add "'%w' AS userdb_plain_pass" to the passdb
query, to get a environment variable $PLAIN_PASS in the post-login
script to pass along. This does not work eg. PLAIN_PASS is always empty. This is Dovecot
2.0.19 from Ubuntu 12.04 LTS.

userdb_plain_pass method requires that you use userdb prefetch.

And Daryl's method of using %w in regular userdb .. I'm not really
sure how well that works. Could easily be that different Dovecot
versions behave differently.

Hello,

with "userdb prefetch" it works. Sorry it was not clear to me that
userdb prefetch *must* be used to get *this* userdb setting to work.
Maybe it should be listed at
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes. Furthermore the
example listed there does a migration from CRYPT to SHA256 (salted)
but not CRYPT-SHA256 which is recommended, no?

Regards

Andreas

On 22.3.2013, at 20.13, Daryl Richards <daryl@isletech.net> wrote:

On 21/03/2013 17:39, Timo Sirainen wrote:

...

userdb_plain_pass method requires that you use userdb prefetch. And Daryl's method of using %w in regular userdb .. I'm not really sure how well that works. Could easily be that different Dovecot versions behave differently.

So, basically what I am doing may fail at any time? Guess it's time to go play with config.

BTW, I'm using 2.1.15 so it still works there…

Well, I think v2.0 cleared the password early and v2.1 only after everything is fully finished. And I'm not at least planning changing it back. So I guess your config will stay working. :)