Tip: update dovecot MD5 password from PAM

Ruga ruga at protonmail.com
Mon Mar 27 23:10:43 EEST 2017


Right. But that's what I experienced.

The next experiment is sheduled in
two weeks... I will keep notes and
logs for you.

Sent from ProtonMail Mobile

On Mon, Mar 27, 2017 at 2:21 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:

On 27.03.2017 01:13, Ruga wrote:
> It is a jolly bad idea to use the same password for both email and system access.
>
> On TLS+plaintext, if your passwords are slurped by a python script, all accounts are compromised. Congratulations, the NSA will love you. On the other side of the ocean, however, there are European states where you must disclose the fact, or go to jail.
>
> (I tried to protect dovecot passwords with bcrypt, but the mail clients refused it.)

Uh, what? Mail clients do not see how you are storing passwords locally.

>
> Sent from ProtonMail Mobile

Aki


More information about the dovecot mailing list