On 7.4.2013, at 14.30, dovecot.pkoch at dfgh.net wrote:
> I'm writing a checkpassword script in order to support our OTP token
> as a fallback for client certificate authentication. Here are two
> questions:
>
> 1) It seems to me that the username and the password will be
> delivered to my script both on file descriptor 3 and via the
> environment variables AUTH_USER and AUTH_PASSWORD.
> May I ignore file descriptor 3 and use the environment variables
> or may it happen that these variables will have different content
> from what is sent via fd 3?

Hmm. The AUTH_PASSWORD wasn't really an intentional addition .. but I guess
it can stay there. Some 10 years ago that might not have been such a good idea
since there were still some systems where process environment variables were
readable to all users in the system, but I doubt there exist such systems
anymore (at least where people would want to run Dovecot).

> 2) There seems to be some undocumented interaction between
> dovecot and my script via file descriptor 4. Seems that whatever
> I write to fd 4 will show up in syslog (unless it contains newlines).
> Can I use this "feature" to send error messages from my script
> to dovecot? What data does dovecot expect on fd 4?

I'm not sure why that happens instead of a complete failure .. but you
shouldn't be doing that. If you write to fd 2, it should also go to syslog,
right? (If it doesn't, it's a bug.)
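
Added example, not part of the original thread and not Dovecot's own code: a Python checkpassword script of the kind discussed above, which takes the credentials from fd 3 rather than the environment and sends its diagnostics to fd 2. The 512-byte limit and the exit codes follow the general checkpassword interface; `DEMO_CODES` and `demo_verify` are constructed stand-ins for a real OTP backend.

```python
import hmac
import os
import sys

MAX_INPUT = 512  # the checkpassword interface limits fd 3 input to 512 bytes
DEMO_CODES = {"alice": "492039"}  # constructed stand-in for a real OTP backend

def log(msg):
    # Diagnostics go to fd 2 (stderr) on one line; the password is never logged.
    sys.stderr.write(f"otp-checkpassword: {msg}\n")

def parse_checkpassword_input(data):
    """Split b'user\\0password\\0timestamp\\0' into (user, password)."""
    if len(data) > MAX_INPUT:
        raise ValueError("more than 512 bytes")
    fields = data.split(b"\0")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("missing NUL terminator or empty username")
    try:
        return fields[0].decode("utf-8"), fields[1].decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("not valid UTF-8") from None  # do not echo raw bytes

def demo_verify(user, code):
    # Hypothetical verifier: constant-time compare against the constructed table.
    return hmac.compare_digest(DEMO_CODES.get(user, "").encode(), code.encode())

def decide(data, verify):
    """Return the exit code: 0 accept, 1 reject, 2 misuse, 111 temporary failure."""
    try:
        user, password = parse_checkpassword_input(data)
    except ValueError as exc:
        log(f"malformed input on fd 3: {exc}")
        return 2
    try:
        accepted = verify(user, password)
    except Exception as exc:
        log(f"verifier failed for {user!r}: {type(exc).__name__}")
        return 111
    if not accepted:
        log(f"OTP rejected for {user!r}")  # repr() escapes embedded newlines
        return 1
    return 0

if __name__ == "__main__":
    with os.fdopen(3, "rb") as creds:  # credentials come from fd 3, not the environment
        code = decide(creds.read(MAX_INPUT + 1), demo_verify)
    if code == 0 and len(sys.argv) > 1:
        os.execvp(sys.argv[1], sys.argv[1:])  # hand over to the program given in argv
    sys.exit(code)
```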