Hi,
I'm playing around with the password plugin. I have a setup with dovecot, postfixadmin, roundcube 0.8.1 and the password plugin.
In the password config I changed the following settings:
I have to databases, one is for postfix used by dovecot and postfixadmin, containing the email addresses and passwords and a second one for roundcube. So authentication is made against the postfix database:
< $rcmail_config['password_minimum_length'] = 8;
< $rcmail_config['password_require_nonalpha'] = true;
< $rcmail_config['password_db_dsn'] = 'mysql://user:dbpw123@localhost/postfix';
< $rcmail_config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';
< $rcmail_config['password_dovecotpw'] = '/usr/sbin/dovecotpw';
< $rcmail_config['password_dovecotpw_method'] = 'MD5';
< $rcmail_config['password_hash_algorithm'] = 'sha512';
In Roundcube the PW change works well, but I found out that the user then is still able to login at roundcube with the old password! After the user uses the new password for the first time, the old password is not valid anymore.
Anyone knows how I can fix this behaviour?
Thanx,
a²