log failed plaintext password for specific user only
Plutocrat
plutocrat at gmail.com
Thu Mar 24 04:09:48 UTC 2022
On 23/03/2022 19.30, mj wrote:
> Op 23-03-2022 om 12:29 schreef Aki Tuomi:
>>
>> 1. Try hashing possible password candidates and compare
>> 2. Temporarily log everyone's passwords and then sanitize logs after you're done.
>>
>> No way to enable that option for a single user.
While there is no way to enable that option for a single user, setting the following:
auth_debug = yes
auth_debug_passwords = yes
Will enable it for all users. Possibly your concern is that you don't want to see legitimate users' passwords? In which case, you can rest assured that you only see the FAILED passwords for all users, not the CORRECT ones.
If you decide this is something you want to do, then you can find the culprits by grepping for "MD5" in the dovecot log, and then revert your configuration when you've collected enough info.
P.
More information about the dovecot
mailing list