Răzvan Sandu
2010-Feb-03 16:59 UTC
[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
Hello,
Is this the proper place to suggest an enhancement for the stock dovecot
package ?
The enhancement would be the following:
For the time being, the dovecotpw utility offers a standardised way to
interactively encode a user password in a certain scheme, say:
dovecotpw -s CRYPT
Enter new password:
Re-enter new password:
etc.
Given a *valid* /etc/imap.passwd file (passwd-file authentication),
dovecotpw should be able to process it non-interactively and output
another text file with all {PLAIN} passwords converted in the specified
<scheme>, i.e.:
dovecotpwd -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
where /etc/imap.passwd.converted has the previously {PLAIN} passwords
converted to scheme CRYPT.
Passwords that were previously encrypted in schemes other than {PLAIN}
should remain untouched.
That will allow quick securing of old legacy /etc/imap.passwd files.
Thanks a lot,
Răzvan
Pascal Volk
2010-Feb-03 17:33 UTC
[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
On 02/03/2010 05:59 PM Răzvan Sandu wrote:
> Hello,
>
> Is this the proper place to suggest an enhancement for the stock dovecot
> package ?
>
> The enhancement would be the following:
>
> For the time being, the dovecotpw utility offers a standardised way to
> interactively encode a user password in a certain scheme, say:
>
> dovecotpw -s CRYPT
> Enter new password:
> Re-enter new password:
> etc.
>
> Given a *valid* /etc/imap.passwd file (passwd-file authentication),
> dovecotpw should be able to process it non-interactively and output
> another text file with all {PLAIN} passwords converted in the specified
> <scheme>, i.e.:
>
> dovecotpwd -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
>
> where /etc/imap.passwd.converted have the previously {PLAIN} passwords
> converted in scheme CRYPT.
>
> Passwords that were previously encrypted in other schemes than {PLAIN}
> should remain untouched.
>
> That will allow quick securing of old legacy /etc/imap.passwd files.
>

Get a fresh cup of coffee and start your favorite editor.

Pseudo code

    infile := /etc/imap.passwd
    outfile := /etc/imap.passwd.converted
    infilehandle := open(infile)
    outfilehandle := open(outfile)
    loop over lines from infilehandle
        when looks_like_plain(current_line)
            current_line := crypt_line(current_line)
        write_line(current_line, outfilehandle)
    write(outfilehandle)
    close(infilehandle)
    close(outfilehandle)

The function looks_like_plain splits the line at the colon and checks if
the content of the n-th field is {PLAIN}. crypt_line takes the line, splits it,
crypts the password and returns a line with a crypted password.

Or define crypt_line so that it returns the line as it comes in if the
password is crypted already; if the password is plain, do it as described
above.

Regards,
Pascal
--
The trapper recommends today: beeffeed.1003418 at localdomain.org
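The pseudocode in the message above, worked out as an added Python example; it is not part of the original thread and is not Dovecot code. It hashes to {SSHA512} rather than CRYPT because the Python standard library can compute that scheme, and the function names and sample lines are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

PLAIN = "{PLAIN}"
SSHA512 = "{SSHA512}"

def ssha512(password, salt=None):
    """Hash as {SSHA512}: base64(SHA-512(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SSHA512 + base64.b64encode(digest + salt).decode("ascii")

def check_ssha512(password, stored):
    """Verify a password against a stored {SSHA512} value (self-check only)."""
    raw = base64.b64decode(stored[len(SSHA512):])
    digest, salt = raw[:64], raw[64:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def convert_line(line, hasher=ssha512):
    """Hash the password field if it is {PLAIN}; return any other line unchanged."""
    body = line.rstrip("\r\n")
    fields = body.split(":")
    # Comments, blank lines and lines without a password field pass through.
    if body.startswith("#") or len(fields) < 2:
        return line
    if not fields[1].upper().startswith(PLAIN):
        return line  # another scheme, or no scheme prefix: leave untouched
    fields[1] = hasher(fields[1][len(PLAIN):])
    return ":".join(fields) + line[len(body):]

def convert_file(src, dst, hasher=ssha512):
    """Write the converted copy to dst (created 0600); return lines changed."""
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    changed = 0
    with open(src, encoding="utf-8") as fin, os.fdopen(fd, "w", encoding="utf-8") as fout:
        for line in fin:
            new = convert_line(line, hasher)
            changed += new != line
            fout.write(new)
    return changed

# Constructed sample in passwd-file layout (not real accounts).
SAMPLE = [
    "# legacy users\n",
    "alice:{PLAIN}wonderland:1000:1000::/home/alice\n",
    "bob:{CRYPT}abJnggxhB/yWI:1001:1001::/home/bob\n",
]
```

Salted SHA-512 is a fast hash; to get CRYPT or a slower scheme, pass a different `hasher` that returns the prefixed value your Dovecot version accepts. `convert_file` refuses to overwrite an existing output file and creates it readable by the owner only, since the input still holds cleartext passwords.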
Răzvan Sandu
2010-Feb-04 11:50 UTC
[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
@Pascal Volk

Thanks for the algorithm you've provided!

Unfortunately, I'm not a programmer myself and I don't feel confident to code such a utility (even if I perfectly understand your pseudocode). ;-)

What I'm looking for is not even a hand-made script, but a production solution included in the stock dovecot RPM package itself - i.e. a new, better form of the dovecotpw utility.

Best regards,
Răzvan