dovecot - Jun 2009 - Password environment variable - logging the password

Hi,

We?re migrating to a Cpanel hosting system.

Our passwords are currently stored in MD5.

I looked at the post login scripting to be able to start storing the plain
text passwords as people login temporarily so we can automate our migration.

It seems that the password is not available in the post login environment
variables.

Is there any way we can get access to the plain text password upon login so
we can insert this into our user table?

Best regards,

Donovan

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 4 Jun 2009, Donovan Craig wrote:
> Is there any way we can get access to the plain text password upon login so
> we can insert this into our user table?
look at the setting:

# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Requires auth_debug=yes to be set.
#auth_debug_passwords = no

Bye,

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSidzZnWSIuGy1ktrAQKF3Qf/bKfuP4UIIfJsLEQMaSnec8Q4Nx1oU8A6
dKWmatZoMfvS/59EeTALr6L+Iz0SqmrmCYR+kkQ0CvHKOC/xifwwczybwrnpkEUP
eY0v4PpGxqlUHGi/A2bFVY3zwiufId5ZEWL8Cx/iiavqtGv6gcALKpGUyqYAOSQq
h6U7ZKxByLuPLksAtdLIW2FX9e4N5gSEkx9MLZQP7MNGSW8M0qJwDl7SStku0Mn0
CvXhQR4bypFYbRsUb8DGc/TWCwkpmOvToCcsjDAskzPInaZEE3T08AXt02v3Df6M
kauvMr2BN88GEOyKCQzwKwNXnMV6MSjLUJFeDqS/HAKO7CalOebjMg==uTdW
-----END PGP SIGNATURE-----

On Jun 4, 2009, at 2:47 AM, Donovan Craig wrote:
> Is there any way we can get access to the plain text password upon  
> login so
> we can insert this into our user table?
What userdb do you use? The password is in %w variable, you can export  
that with most userdbs.

> look at the setting:
>
> # In case of password mismatches, log the passwords and used scheme so the
#
problem can be debugged. Requires auth_debug=yes to be
set.
> #auth_debug_passwords = no
Thanks for your replies so far.

As mentioned, I?d like to be able to log the username and password in plain
text after successful login.

I?m using the mysql userdb, but the passwords are stored in MD5.

I want to be able to get the password within the post login script, not from
the log file.

Is there any way to do this?

Thanks.

Donovan

>> On Jun 6, 2009, at 5:19 AM, Donovan Craig wrote:
>> Im using the mysql userdb, but the passwords are stored in MD5.
>> I want to be able to get the password within the post login script,
>> not from
>> the log file.
>>
>> Is there any way to do this?
> Timo Sirainen wrote:
> user_query = SELECT '%w' as plain_pass, ...
> then it should be in $PLAIN_PASS environment in post-login script.
This would be great if it worked, but unfortunately this %w is empty when I
try to use it.
>From the documentation, it seems that this variable is only available during
auth.

http://wiki.dovecot.org/Variables

Is there any other way I can get the plain password within the
postloginscripting?

Thanks again.

Donovan

Timo Sirainen wrote:
> Hmm. I guess it's possible that the password is lost by then.. Then
> another possibility would be to use passdb sql + userdb prefetch and:
>
> password_query = SELECT .., '%w' as userdb_plain_pass, ..
That did the trick.

Thanks so much for your help.