I am currently attempting to modify my ISPConfig code to allow me to passwords to user e-mail accounts. I know this introduces security issues, but I happen to believe that if a user manages to compromise my system enough to be able to browse the database, the system is pretty well screwed anyhow. If I have the user passwords stored somewhere (in the database, or in a Berkeley DB file, or SQLite, or ...) I can then rebuild /etc/passwd and /etc/shadow if they should become compromised, can test proper operation of POP and IMAP for all users, etc. In the early weeks of putting a new ISPConfig installation on-line, the ability to test these functions for every user account can be extremely important. Since I am moving users from our Plesk server to ISPConfig, I have all their passwords anyway. I'd just like to know that my lists will remain current as users go in to change their own passwords.
