[Dovecot] Changing password for users

Ben Morrow ben at morrow.me.uk
Sat Oct 27 02:09:11 EEST 2012


At  3PM -0700 on 26/10/12 you (Joseph Tam) wrote:
> 
> > From: Mike John <mike at alaadin.org>
> >
> >> I know about poppassd , but it works only for /etc/passwd ,
> >> /etc/shadow, but my dovecot virtual users password files
> >> are in different location and i do not know how to modify poppassd,
> >> any idea how can i do that?
> 
> I downloaded and examined it; it's just a wrapper for /usr/bin/passwd,
> and there doesn't seem an easy way to modify it to use something other
> than the system password file.
> 
> Maybe replace "/usr/bin/passwd" with htpasswd?

Try pam_pwdfile with poppwd or some other poppassd that supports PAM.

> > and is there another way other than poppassd?
> 
> Write your own PHP script -- it couldn't be more than a few dozen lines
> of code for a working skeleton.  Or Google "php change password htpasswd".

It's not as simple as you seem to think. Quite apart from getting the
password-changing itself right (have you considered what happens when
two users change their passwords at the same time? when Dovecot tries to
read the password file at the same time as you are changing it? when the
system crashes when you are halfway through rewriting the password
file?), you really shouldn't be running PHP as a user with write access
to a password file (even a virtual password file) in any case.

Ben



More information about the dovecot mailing list