[Dovecot] Log successful login plain text password

Marco Fretz marco.fretz at gmail.com
Fri Aug 30 09:31:08 EEST 2013


On 08/28/2013 10:36 AM, wkaha at yahoo.com wrote:
> Maybe you can find a way in this direction
>
> http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

This looks interesting. Looks like I could also automate a lot of other
stuff this way, e.g. IMAP syncing accounts to the new server, etc.

I found out that "auth_debug_passwords=yes" does log passwords (also
successful logins) in proxy mode. But it does not in normal imap/pop
server mode, or I did something wrong...

It logs something like this:
Aug 28 11:13:03 barney dovecot: auth: Debug: client out:
OK#0111#011user=marco at example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD

where CLEARPASWORD is the plain text password. That's pretty much what I
need. But using some postlogin script might be the more beautiful way...

Thank you all for the responses.

>
> all the best
>
>
> On 28.08.2013, at 09:14, Marco Fretz wrote:
>
>>
> On 08/28/2013 09:08 AM, wkaha at yahoo.com wrote:
> >>> Hi Marco
> >>>
> >>> when running dovecot -a you will find
> >>> auth_*
> >>>
> >>> I think you could use auth_verbose_passwords to fit your needs.
>
> thanks. I've already tried this, but it doesn't log the password on
> successful logins, only when there is a password mismatch:
>
> from the conf / manual:
> "
> # In case of password mismatches, log the attempted password. Valid values are
> # no, plain and sha1. sha1 can be useful for detecting brute force password
> # attempts vs. user simply trying the same password over and over again.
> #auth_verbose_passwords = no
> "
>
> any other ideas? :)
>
> >>>
> >>> all the best
> >>>
> >>>
> >>>
> >>>
> >>> On 28.08.2013, at 08:57, Marco Fretz wrote:
> >>>
> >>>>
> >>> Hi everyone,
> >>>
> >>> I want to use dovecot as an IMAP and POP3 proxy in front of our current
> >>> E-Mail hosting server to log the plain text passwords of all successful
> >>> logins for migration reasons. Actually I don't need to see the password
> >>> in plain text, storing them as SHA256-CRYPT (or something dovecot can
> >>> use later for auth) hash in a file or DB would be fine, too.
> >>>
> >>> I need this for the migration from the current mail server (using
> >>> proprietary hashing to store passwords) to a new postfix / dovecot based
> >>> mail system.
> >>>
> >>> I played around with "auth_debug_passwords" and all debug / logging
> >>> options I found in the manual. Nothing logs successful login plaintext
> >>> passwords.
> >>>
> >>> Any hint welcome.
> >>>
> >>> Thanks a lot,
> >>> Marco
> >>>
> >>>>
> >>>
>
>>
>
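
A defensive follow-up to the log line quoted in the message above, as an added example that is not part of the original thread or of Dovecot: once "auth_debug_passwords=yes" has been on, the auth debug log holds cleartext passwords, so this sketch redacts the `pass=` field before logs are archived or shipped and lists the affected users. The function names, the `<redacted>` token and the sample lines are assumptions made for illustration; only the line shape shown in the post is handled.

```python
import re

# Line shape taken from the post; only this auth debug line is handled.
MARKER = "auth: Debug: client out:"
# A field follows a separator: a real TAB, or "#011" when syslog escapes
# control characters as '#' plus three octal digits (as in the quoted line).
SEP = r"(?:\t|#011)"
PASS_RE = re.compile(SEP + r"pass=")
USER_RE = re.compile(SEP + r"user=(.*?)(?=\t|#011|$)")


def scrub_line(line):
    """Return (safe_line, user); user is None when no pass= field was logged."""
    body = line.rstrip("\n")
    head, marker, payload = body.partition(MARKER)
    found = PASS_RE.search(payload) if marker else None
    if found is None:
        return line, None
    who = USER_RE.search(payload[:found.start()])
    # Drop everything after "pass=": a password that itself contains "#011"
    # must not leave a readable tail. Fields logged after it are lost.
    safe = head + marker + payload[:found.end()] + "<redacted>"
    return safe + line[len(body):], who.group(1) if who else "<unknown>"


def scrub(lines):
    """Scrub an iterable of log lines; also report whose password was exposed."""
    clean, exposed = [], set()
    for line in lines:
        safe, user = scrub_line(line)
        clean.append(safe)
        if user is not None:
            exposed.add(user)
    return clean, sorted(exposed)


# Constructed sample lines (not from a real server).
SAMPLE = [
    "Aug 28 11:13:03 mx1 dovecot: auth: Debug: client out: OK#0111#011"
    "user=alice@example.test#011host=imap.example.test#011nologin#011proxy"
    "#011pass=Tr0ub4dor#0113\n",
    "Aug 28 11:13:09 mx1 dovecot: imap-login: constructed unrelated line\n",
]

if __name__ == "__main__":
    lines, users = scrub(SAMPLE)
    print("".join(lines), end="")
    print("passwords exposed in log for:", ", ".join(users))
```

Redacting does not undo the exposure: the listed accounts had their passwords written to disk and to any log forwarder in the path.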



