dovecot - May 2007 - Virtual User Home Directory, and APOP Clear Text Passwords

Dear all,

    Hi.  This is imacat from Taiwan.  I'm new to this list.

    I was migrating from Qpopper to Dovecot.  (Qpopper copies the
mailbox when POP3 logged in, which causes quota problem.)  Generally
Dovecot is nice.  However, I have a few questions:

     1. I have a few virtual users, and I'm not using IMAP.  Do I still
have to give them a writable home directory?  I mean, they exists only
for me to receive mails from fetchmail.  They really have nothing but
their inbox.  But if I do not give them a writable home directory, I got
this error in my syslog all the time:

mbox: Can't create root mail directory /home/homeless/mail: Permission
denied

     2. I would like to use APOP in addition to SSL/TLS.  Currently
Dovecot saves APOP passwords as clear text.  I understand this.  But is
it possible to have some sort of encoding, for example, Base64?  Just to
prevent casual reads.  I have several users.  I do not want to know
their passwords just to add them to the APOP database.  I do not want
other roots to read my passwords, intended or not.

        Encoded passwords also have the advantage that I can use
passwords that contain the colon sign ":".  It would be nice if
something a little harder than Base64 can be used.

    Thank you very much in advance.

-- 
imacat ^_*'
imacat at mail.imacat.idv.tw
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

Tavern IMACAT's http://www.imacat.idv.tw/
Woman's Voice http://www.wov.idv.tw/
TLUG List Manager http://www.linux.org.tw/mailman/listinfo/tlug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20070511/83866578/attachment.bin>

On Fri, 2007-05-11 at 12:22 +0800, imacat wrote:
> Dear all,
> 
>     Hi.  This is imacat from Taiwan.  I'm new to this list.
> 
>     I was migrating from Qpopper to Dovecot.  (Qpopper copies the
> mailbox when POP3 logged in, which causes quota problem.)  Generally
> Dovecot is nice.  However, I have a few questions:
> 
>      1. I have a few virtual users, and I'm not using IMAP.  Do I still
> have to give them a writable home directory?  I mean, they exists only
> for me to receive mails from fetchmail.  They really have nothing but
> their inbox.  But if I do not give them a writable home directory, I got
> this error in my syslog all the time:
> 
> mbox: Can't create root mail directory /home/homeless/mail: Permission
denied
See the bottom of http://wiki.dovecot.org/MailLocation/Mbox
>      2. I would like to use APOP in addition to SSL/TLS.  Currently
> Dovecot saves APOP passwords as clear text.  I understand this.  But is
> it possible to have some sort of encoding, for example, Base64?  Just to
> prevent casual reads.  I have several users.  I do not want to know
> their passwords just to add them to the APOP database.  I do not want
> other roots to read my passwords, intended or not.
> 
>         Encoded passwords also have the advantage that I can use
> passwords that contain the colon sign ":".  It would be nice if
> something a little harder than Base64 can be used.
Currently there isn't anything like that. But I guess for v1.1 I could
finally make it possible to specify base64/hex encoding in the scheme,
so you could use eg. {plain.b64} or {plain.hex}.

If you really need this now you could also modify the sources yourself.
It should be pretty easy to add a new plain.b64 scheme to
src/auth/password-scheme.c (could also be implemented as a plugin)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20070511/564c8e59/attachment.bin>