184364 – dovecot should provide a way to remotely change virtual user passwords

Bug 184364 - dovecot should provide a way to remotely change virtual user passwords

Summary: dovecot should provide a way to remotely change virtual user passwords

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	dovecot
Sub Component:
Version:	4
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Petr Rockai
QA Contact:
Docs Contact:
URL:	http://www.dovecot.org/
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-03-08 08:55 UTC by Razvan Sandu
Modified:	2014-01-21 22:53 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-03-08 16:26:50 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Razvan Sandu 2006-03-08 08:55:46 UTC

Description of problem:

dovecot should provide a standard tool for administering passwords for virtual
users in a passwd-like text file as /etc/imap.passwd (console based and GUI
based variants).

The tool should not depend on the fact that virtual users have separeate
UIDs/GIDs or share a common one. 

This tool must be usable remotely by regular users, even from a Windows machine,
to change their own password stored in /etc/imap.passwd (via a ssh-like
mechanism, as a standard plugin from changing passwords from squirrelmail, etc.)

The tool should work in a SELinux-enabled environment, with the default policy
active.


Version-Release number of selected component (if applicable):
dovecot-0.99.14-4.fc4
(stock Fedora Core 4 + updates March 06, 2006)

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
  
Actual results:

There is no way to remotely change virtual users' e-mail passwords on the server
if the server doesn't use MySQL, LDAP or alike.

Expected results:

Users must be able to change their password remotely, even if passwords are
stored in a text file on the server (passwd-like syntax). Root must be able to
change password for any user.


Additional info:

Comment 1 Petr Rockai 2006-03-08 12:32:25 UTC

Patches welcome.

Comment 2 Warren Togami 2006-03-08 15:01:32 UTC

Is this even a standard part of the IMAP protocol?  If not, then this shouldn't
be the job of dovecot.  Any patch would need to be acceptable to the upstream
dovecot project.

I suspect this is a NOTABUG issue, but I'll wait to see what tss says.

Comment 3 Timo Sirainen 2006-03-08 15:48:32 UTC

Right. Probably should be done some separate package with web backend, and there already exists some, 
although I don't know if there exists for passwd-files (or LinuxConf maybe). There's no way to change the 
password with IMAP protocol.

Comment 4 Razvan Sandu 2006-03-20 22:20:48 UTC

Hello,


Thanks for your comments and help!

Just a non-technical newbie observation about all that (please see bug #184355 
too):

What seems strange to me is the fact that some tools like I suggested *do 
exist* (please see intraperson, a plugin for squirrelmail) and they *are* able 
to change an encrypted password located in /etc/passwd.

However, as I discovered, these plugins cannot operate on a file which has a 
syntax absolutely equal to /etc/passwd (such as Dovecot's /etc/imap.passwd)! 
Needing a MySQL or LDAP database just for interacting with these plugins seems 
to me contrary to good old Linux minimalism... ;-)

From the "marketing" point of view  ;-), trying to compete with Microsoft 
Exchange means that some facilities like changing password for yourself or 
being able to set a vacation message (when you're definded as a "virtual" user 
in the e-mail system) are absolutely necessary...


Regards,
Razvan

Note You need to log in before you can comment on or make changes to this bug.