We want to update our password scheme from crypt to SHA256.

Because usernames/passwords are in MySQL I thought this wouldn't be a problem. We have about 3000 users that need to be updated, so making a new password for them isn't possible.

I was thinking of an automated script that would update the database after every login. So we did this:

dovecot.conf:

    mail_executable = /usr/local/etc/updatepwd.sh

updatepwd.sh:

    #!/bin/sh
    # Hand the login name and password to the updater, then start the real IMAP process
    echo "$USER $PASSWORD" | /usr/local/etc/do_updatepwd.pl
    exec /usr/local/libexec/dovecot/imap "$@"

(do_updatepwd.pl is a perl script that makes a sha256 from the second argument, and then updates the mysql-query)

However: the password is not in the ENVIRONMENT anymore.

I changed in dovecot the settings:

    auth_debug = yes
    auth_debug_passwords = yes

Anyone a solution for this?

Best regards,
Pascal
On 22.3.2011, at 15.20, Pascal Nobus wrote:

> We want to update our password scheme from crypt to SHA256.
>
> Because usernames/passwords are in MySQL I thought this wouldn't be a problem.

So that'd be passdb and userdb sql.

> However: the password is not in the ENVIRONMENT anymore.

Use passdb sql + userdb prefetch: http://wiki.dovecot.org/UserDatabase/Prefetch

Then have

    password_query = select '%w' as userdb_password, ...

and now you'll have $PASSWORD environment.

You could maybe also do this all by creating a mysql function that compares and updates the password directly, i.e:

    password_query = select check_password('%u', '%w')
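The rehash-on-login step discussed in this thread, as an added example that is not code from either poster or from Dovecot: it builds the `{SHA256}` value (base64 of the raw digest) and updates the row with bound parameters, only when the stored hash has not been upgraded yet. The `users` table, its columns, the in-memory SQLite stand-in for MySQL and the sample row are assumptions made for the sketch.

```python
import base64
import hashlib
import os
import sqlite3


def dovecot_sha256(password: str) -> str:
    """Return the password in {SHA256} form: scheme prefix + base64 of the raw digest."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{SHA256}" + base64.b64encode(digest).decode("ascii")


def upgrade_password(conn, user: str, password: str) -> bool:
    """Rehash one user's password after a successful login; True if the row changed.

    The post-login script only runs after the password was verified against
    the old crypt hash, so the old hash is not checked again here.
    """
    if not user or not password:
        return False  # e.g. $PASSWORD was not passed into the environment
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (user,)
    ).fetchone()
    if row is None or row[0].startswith("{SHA256}"):
        return False  # unknown user, or already migrated
    # Bound parameters keep quotes in the password or username out of the SQL text.
    conn.execute(
        "UPDATE users SET password = ? WHERE username = ?",
        (dovecot_sha256(password), user),
    )
    conn.commit()
    return True


def demo_db():
    """In-memory stand-in for the MySQL user table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed placeholder in the shape of an unprefixed crypt hash.
    conn.execute("INSERT INTO users VALUES ('pascal', 'abCONSTRUCTED')")
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # USER and PASSWORD are read from the environment, never from argv,
    # so the cleartext password does not show up in the process list.
    changed = upgrade_password(
        conn, os.environ.get("USER", ""), os.environ.get("PASSWORD", "")
    )
    print("updated" if changed else "unchanged")
```

Rows that still hold an unprefixed crypt hash keep working during the migration only if the default password scheme remains crypt, which is assumed here.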