|
This is a thought, and if anyone has implemented
this, please tell me!
I have mysql/courier/postfix working..
My company has numerous clients, and we setup new
e-mail accounts for them all the time, but first we obviously have to get
passwords from them.
So my thought is this:
What if for a particular user in mysql (or any auth
mechanism really), upon first connection if the password field is blank, the
pop3 server (or imap) would insert the used password into the
database?
So->
User [EMAIL PROTECTED]
connects with login [EMAIL PROTECTED] and password
abc123
Lookup in mysql... user exists but password field
is blank.
Insert abc123 into the password field and
successfully authenticate the user. It's not really a security concern because it would
be a new account, and it would be obvious if someone were to miraculously
figure this out and "hijack" the account because a password would have been
set.
Anther use of this would be, let's say you're
migrating from a mail server which has encrypted passwords so you don't know all
of your users' passwords. Just setup the usernames and the passwords will
automatically get filled in as users check their mail. Or if you start
hosting someone's e-mail, they could just give you their list of usernames
without having to reset all of their passwords (since 99% of them probably don't
know what password they have stored in Outlook Express).
This could probably also be taken a step further
and have courier create users on the fly/mysql entries. You could enable
it for particular domain for a short time period, tell your new client to have
all of their users check mail, then shut it off and all of the accounts will
have been created automatically.
My programming knowledge is limited so if anyone
could suggest how this could be accomplished that would be great.
Thoughts??
--Josh
|
