Bug 184364 - dovecot should provide a way to remotely change virtual user passwords
dovecot should provide a way to remotely change virtual user passwords
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: dovecot (Show other bugs)
4
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Petr Rockai
http://www.dovecot.org/
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-08 03:55 EST by Razvan Sandu
Modified: 2014-01-21 17:53 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-08 11:26:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Razvan Sandu 2006-03-08 03:55:46 EST
Description of problem:

dovecot should provide a standard tool for administering passwords for virtual
users in a passwd-like text file as /etc/imap.passwd (console based and GUI
based variants).

The tool should not depend on the fact that virtual users have separeate
UIDs/GIDs or share a common one. 

This tool must be usable remotely by regular users, even from a Windows machine,
to change their own password stored in /etc/imap.passwd (via a ssh-like
mechanism, as a standard plugin from changing passwords from squirrelmail, etc.)

The tool should work in a SELinux-enabled environment, with the default policy
active.


Version-Release number of selected component (if applicable):
dovecot-0.99.14-4.fc4
(stock Fedora Core 4 + updates March 06, 2006)

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
  
Actual results:

There is no way to remotely change virtual users' e-mail passwords on the server
if the server doesn't use MySQL, LDAP or alike.

Expected results:

Users must be able to change their password remotely, even if passwords are
stored in a text file on the server (passwd-like syntax). Root must be able to
change password for any user.


Additional info:
Comment 1 Petr Rockai 2006-03-08 07:32:25 EST
Patches welcome. 
Comment 2 Warren Togami 2006-03-08 10:01:32 EST
Is this even a standard part of the IMAP protocol?  If not, then this shouldn't
be the job of dovecot.  Any patch would need to be acceptable to the upstream
dovecot project.

I suspect this is a NOTABUG issue, but I'll wait to see what tss says.
Comment 3 Timo Sirainen 2006-03-08 10:48:32 EST
Right. Probably should be done some separate package with web backend, and there already exists some, 
although I don't know if there exists for passwd-files (or LinuxConf maybe). There's no way to change the 
password with IMAP protocol.
Comment 4 Razvan Sandu 2006-03-20 17:20:48 EST
Hello,


Thanks for your comments and help!

Just a non-technical newbie observation about all that (please see bug #184355 
too):

What seems strange to me is the fact that some tools like I suggested *do 
exist* (please see intraperson, a plugin for squirrelmail) and they *are* able 
to change an encrypted password located in /etc/passwd.

However, as I discovered, these plugins cannot operate on a file which has a 
syntax absolutely equal to /etc/passwd (such as Dovecot's /etc/imap.passwd)! 
Needing a MySQL or LDAP database just for interacting with these plugins seems 
to me contrary to good old Linux minimalism... ;-)

From the "marketing" point of view  ;-), trying to compete with Microsoft 
Exchange means that some facilities like changing password for yourself or 
being able to set a vacation message (when you're definded as a "virtual" user 
in the e-mail system) are absolutely necessary...


Regards,
Razvan

Note You need to log in before you can comment on or make changes to this bug.