Unfortunately not. It uses the PHPass, which is more complicated than a simple
hash (it uses salting and stretching, making it more secure against a
brute-force attacks). Although the phpass is available as python or perl
script, I want to use the wordpress' functions. Then it would be
"future-proof", I mean if they change the password hashing process, it
wouldn't broke the other services (i.e. dovecot): there is a function in
wordpress, where I supply the hash and the cleartext password, and it returns a
boolean value, of the hash being the password's hash.I am working now to
use curl with post methods instead the php cli. Because it will use the
web-server, I think there would be no memory problem. But it means also, that
the auth php would be accessible from the internet, and I didn't like it so
much. But hey, something for something :) I am not a programmer, so I can't
"read" source codes. But if a programmer reads this, and have a spare few
minutes, please be so kind to look at the dovecot's source code, and if
finds out the memory limit of the checkpassword method (is it hard-coded, or it
could be changed in the config), please drop a few lines. I would be grateful.
Thanks.
Alex JOST <jost+li...@dimejo.at> írta:
>Am 2014-06-05 19:33, schrieb a:
>> Hi. I am trying to authenticate dovecot from a wordpress database. I was
>> thinking of using the checkpassword script to start a cli php script. That
>> php script would then include the necessary wordpress functions, do the auth
>> (find the wp username from user database using the email address, and
>> authenticate with the user/pass), and return the result to the checkpassword
>> script. I made the above scripts (the php script will be used to
>> authenticate some other services too), and when I run them "by hand" (even
>> with "sudo -u dovecot ..."), it works. But, when the dovecot runs them, the
>> php runs out of memory. After a lot of debuging, I find out that when the
>> dovecot starts the checkpassword script, it makes a 250kB memory limit. But
>> it is not enough for the php script, it needs 14MB. I tried to put a "ulimit
>> -v 16777216" into the checkpassword.sh, but it doesn't work.Is there
>> some hardcoded limit in the dovecot itself? And if there is, could it be
>> somehow changed?I am using
> a
>> simple D
>> ebian Wheezy LAMP, and installed everything from repo. Thanks for every
>> idea.
>
>The whole concept sounds quite error-prone. Can't you query the database
>directly?
>
>--
>Alex JOST
