Răzvan Sandu
2010-Feb-03 16:59 UTC
[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
Hello,

Is this the proper place to suggest an enhancement for the stock dovecot package?

The enhancement would be the following:

For the time being, the dovecotpw utility offers a standardised way to interactively encode a user password in a certain scheme, say:

    dovecotpw -s CRYPT
    Enter new password:
    Re-enter new password:
    etc.

Given a *valid* /etc/imap.passwd file (passwd-file authentication), dovecotpw should be able to process it non-interactively and output another text file with all {PLAIN} passwords converted in the specified <scheme>, i.e.:

    dovecotpwd -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted

where /etc/imap.passwd.converted has the previously {PLAIN} passwords converted in scheme CRYPT.

Passwords that were previously encrypted in other schemes than {PLAIN} should remain untouched.

That will allow quick securing of old legacy /etc/imap.passwd files.

Thanks a lot,
Răzvan
Pascal Volk
2010-Feb-03 17:33 UTC
[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
On 02/03/2010 05:59 PM Răzvan Sandu wrote:
> Hello,
>
> Is this the proper place to suggest an enhancement for the stock dovecot
> package?
>
> The enhancement would be the following:
>
> For the time being, the dovecotpw utility offers a standardised way to
> interactively encode a user password in a certain scheme, say:
>
> dovecotpw -s CRYPT
> Enter new password:
> Re-enter new password:
> etc.
>
> Given a *valid* /etc/imap.passwd file (passwd-file authentication),
> dovecotpw should be able to process it non-interactively and output
> another text file with all {PLAIN} passwords converted in the specified
> <scheme>, i.e.:
>
> dovecotpwd -s CRYPT if=/etc/imap.passwd of=/etc/imap.passwd.converted
>
> where /etc/imap.passwd.converted has the previously {PLAIN} passwords
> converted in scheme CRYPT.
>
> Passwords that were previously encrypted in other schemes than {PLAIN}
> should remain untouched.
>
> That will allow quick securing of old legacy /etc/imap.passwd files.

Get a fresh cup of coffee and start your favorite editor.

Pseudo code

    infile := /etc/imap.passwd
    outfile := /etc/imap.passwd.converted
    infilehandle := open(infile)
    outfilehandle := open(outfile)
    loop over lines from infilehandle
        when looks_like_plain(current_line)
            current_line := crypt_line(current_line)
        write_line(current_line, outfilehandle)
    write(outfilehandle)
    close(infilehandle)
    close(outfilehandle)

The function looks_like_plain splits the line at the colon and checks if the content of the n-th field is {PLAIN}. crypt_line takes the line, splits it, crypts the password and returns a line with a crypted password.

Or define crypt_line so that it returns the line as it comes in if the password is crypted already; if the password is plain, do it as described above.

Regards,
Pascal
--
The trapper recommends today: beeffeed.1003418 at localdomain.org
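The conversion outlined in the pseudocode above, as an added Python example that is not part of the original thread and not Dovecot code. Assumptions: the password is the second colon-separated field, and the output uses Dovecot's {SSHA256} scheme (base64 of SHA-256(password + salt) followed by the salt) instead of the CRYPT scheme named in the thread, because it can be computed with the standard library alone; the function names are hypothetical.

```python
import base64
import hashlib
import os

PLAIN_PREFIX = "{PLAIN}"


def ssha256(password, salt=None):
    """Return {SSHA256} + base64(sha256(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def convert_line(line, salt=None):
    """Hash the password (2nd field) if it is {PLAIN}; otherwise return the line as is."""
    body = line.rstrip("\n")
    # Blank lines, comments and lines without fields pass through untouched.
    if not body or body.startswith("#") or ":" not in body:
        return line
    fields = body.split(":")
    if not fields[1].upper().startswith(PLAIN_PREFIX):
        return line  # already hashed in some other scheme, or no scheme prefix
    fields[1] = ssha256(fields[1][len(PLAIN_PREFIX):], salt)
    return ":".join(fields) + line[len(body):]


def convert_file(src, dst):
    """Write a converted copy of src to dst; return how many lines changed."""
    changed = 0
    # O_EXCL refuses to overwrite; 0600 keeps the new file private.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with open(src, encoding="utf-8") as fin, os.fdopen(fd, "w", encoding="utf-8") as fout:
        for line in fin:
            new = convert_line(line)
            changed += new != line
            fout.write(new)
    return changed


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real passwd-file.
    for sample in ("alice:{PLAIN}secret:1000:1000::/home/alice\n",
                   "bob:{CRYPT}abJnggxhB/yWI:1001:1001::/home/bob\n"):
        print(convert_line(sample), end="")
```

Check the converted file against a test login before it replaces /etc/imap.passwd, and remove any copy that still holds the plaintext passwords.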
Răzvan Sandu
2010-Feb-04 11:50 UTC
[Dovecot] [RFE] A way to encode passwords in the /etc/imap.passwd file
@Pascal Volk

Thanks for the algorithm you've provided!

Unfortunately, I'm not a programmer myself and I don't feel confident to code such a utility (even if I perfectly understand your pseudocode). ;-)

What I'm looking for is not even a hand-made script, but a production solution included in the stock dovecot RPM package itself - i.e. a new, better form of the dovecotpw utility.

Best regards,
Răzvan