[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file

Pascal Volk user+dovecot at localhost.localdomain.org
Wed Feb 3 19:33:58 EET 2010

On 02/03/2010 05:59 PM Răzvan Sandu wrote:
> Hello,
> Is this the proper place to suggest an enhancement for the stock dovecot 
> package?
> The enhancement would be the following:
> For the time being, the dovecotpw utility offers a standardised way to 
> interactively encode a user password in a certain scheme, say:
> dovecotpw -s CRYPT
> Enter new password:
> Re-enter new password:
> etc.
> Given a *valid* /etc/imap.passwd file (passwd-file authentication), 
> dovecotpw should be able to process it non-interactively and output 
> another text file with all {PLAIN} passwords converted in the specified 
> <scheme>, i.e.:
> dovecotpw -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
> where /etc/imap.passwd.converted has the previously {PLAIN} passwords 
> converted in scheme CRYPT.
> Passwords that were previously encrypted in other schemes than {PLAIN} 
> should remain untouched.
> That will allow quick securing of old legacy /etc/imap.passwd files.

Get a fresh cup of coffee and start your favorite editor. Pseudo code:

    infile := /etc/imap.passwd
    outfile := /etc/imap.passwd.converted

    infilehandle := open(infile)
    outfilehandle := open(outfile, for writing)

    loop over lines from infilehandle
        when looks_like_plain(current_line)
            current_line := crypt_line(current_line)
        write_line(current_line, outfilehandle)


The function looks_like_plain splits the line at the colon and checks if
the content of the n-th field is {PLAIN}.
crypt_line takes the line, splits it, crypts the password and returns a
line with a crypted password.

Or define crypt_line in such a way that it returns the line as it comes
in if the password is crypted already; if the password is plain, do it as
described above.

The trapper recommends today: beeffeed.1003418 at localdomain.org
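
A runnable version of the pseudocode above, as an added example that is not part of the original post. It swaps in Dovecot's {SSHA256} scheme (base64 of SHA256(password + salt) followed by the salt) for CRYPT so that it needs only the Python standard library; the names `convert_line`, `convert_file` and the `hash_fn` parameter are hypothetical, and `hash_fn` can be replaced by a wrapper around whatever hashing tool the installation uses.

```python
import base64
import hashlib
import os

PLAIN = "{PLAIN}"

def ssha256(password: str, salt: bytes = b"") -> str:
    """Dovecot {SSHA256}: base64(SHA256(password + salt) + salt)."""
    salt = salt or os.urandom(8)          # fresh random salt per password
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")

def convert_line(line: str, hash_fn=ssha256) -> str:
    """Hash the password field if it is marked {PLAIN}; else return line as-is."""
    body = line.rstrip("\n")
    if not body or body.startswith("#") or ":" not in body:
        return line                       # blank, comment or malformed line
    fields = body.split(":")              # passwd-file: user:password:uid:gid:...
    pw = fields[1]
    if pw[:len(PLAIN)].upper() != PLAIN or len(pw) == len(PLAIN):
        return line                       # other scheme, no prefix, or empty password
    fields[1] = hash_fn(pw[len(PLAIN):])
    return ":".join(fields) + line[len(body):]

def convert_file(infile: str, outfile: str, hash_fn=ssha256) -> int:
    """Write a converted copy of infile to outfile; return number of lines changed."""
    # O_EXCL refuses to overwrite an existing file; 0600 keeps the copy private.
    fd = os.open(outfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    changed = 0
    with open(infile, encoding="utf-8") as src, \
            os.fdopen(fd, "w", encoding="utf-8") as dst:
        for line in src:
            new = convert_line(line, hash_fn)
            changed += new != line
            dst.write(new)
    return changed
```

The original file still holds the cleartext passwords after the run, so it has to be replaced by the converted copy and any backups of it dealt with separately.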
