Hi,

On Thu, Oct 14, 2010 at 03:00:32PM +0100, Timo Sirainen wrote:
> On Thu, 2010-10-14 at 09:55 +0100, Ed W wrote:
> > > Is there any way to make Dovecot use the same username/password for
> > > database access as userdb and passdb queries? Specifying the password
> > > with -p doesn't seem like a good idea, so I'm wondering if it can be
> > > handled by Dovecot directly.
> > If your risk is that the user compromises the login process and can see
> > the login script
>
> BTW. That's not enough. The login process is chrooted to nearly empty
> directory and can't read anything. To read the post-login script the
> user would have to compromise imap/pop3 process (which is more likely
> anyway, because they're more complex). But that could also be prevented
> by not giving that process read access to the script.
>
> I think more problematic is that the -p password shows up in ps list.
> That can be avoided by placing the script to MySQL's config file.
> http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html

Sorry for not describing the problem clearly. Timo is spot on the problem I
was trying to describe. I was wondering if it would be possible to read the
username/password from a Dovecot config file (like
userdb/passdb/quota/expire) instead of using my.cnf.

Thanks!

-- 
Denny Lin
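
The concern raised in the thread (a `-p` password visible in `ps`, avoided by keeping credentials in a MySQL option file) can be sketched as shell helpers for a post-login script. This is an added example, not code from the thread or from Dovecot; the option file path, the database name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep the MySQL password out of the process list.
# Assumed (hypothetical) names: the option file path and database below.
# The option file holds the credentials, for example (constructed values):
#   [client]
#   user=dovecot
#   password=PLACEHOLDER
CNF="${CNF:-/etc/dovecot/mysql-postlogin.cnf}"
DB="${DB:-mail}"

# Succeed only if the option file is a regular file without group/other access.
check_cnf() {
    [ -f "$1" ] || { echo "missing option file: $1" >&2; return 1; }
    # GNU stat first, BSD stat as fallback
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing $1: mode $mode, want 600 or 400" >&2; return 1 ;;
    esac
}

# Succeed (0) if any argument would place a password on the command line,
# which is what ends up readable in the ps list.
argv_has_password() {
    for a in "$@"; do
        case "$a" in
            -p?*|--password=*) return 0 ;;
        esac
    done
    return 1
}

# Run one SQL statement; credentials come only from the option file.
run_query() {
    check_cnf "$CNF" || return 1
    # --defaults-extra-file has to be the first option given to mysql
    set -- mysql --defaults-extra-file="$CNF" --batch -e "$1" "$DB"
    if argv_has_password "$@"; then
        echo "password would be visible in argv" >&2
        return 1
    fi
    "$@"
}
```

A post-login script would source these helpers, call `run_query` with its statement, and then hand control back to the mail process as usual.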
