[Dovecot] auth_debug_passwords
Has anyone tried patching the 1.2.x source to force logging of all passwords submitted during authentication, not just those that fail?
On 8.1.2011, at 2.19, Dave Brenner wrote:
Has anyone tried patching the 1.2.x source to force logging of all passwords submitted during authentication, not just those that fail?
It depends on what you need.. but, as the subject suggests, auth_debug_passwords=yes does basically that for plaintext authentication. You just need to de-base64-decode base64 the base64-encoded data. If that's not enough for you, be more specific what exactly you need.
On 1/7/2011 4:32 PM, Timo Sirainen wrote:
It depends on what you need.. but, as the subject suggests, auth_debug_passwords=yes does basically that for plaintext authentication. You just need to de-base64-decode base64 the base64-encoded data. If that's not enough for you, be more specific what exactly you need.
Based on the info we could find in the wiki and elsewhere, we were under the impression that this feature would only log failed passwords. But after reading your response, we gave it a try and found that it will give us exactly what we need. The null between the user name and password threw us off at first, though. :-)
Thanks!
participants (2)
-
Dave Brenner
-
Timo Sirainen