Multiple passwords with sql authentication
Timo Sirainen
tss at iki.fi
Mon Jul 28 14:51:27 UTC 2014
On 23 Jul 2014, at 18:49, BlackVoid <blackvoid+dovecot at fantas.in> wrote:
> I'm currently working on a control panel which is using postfix, dovecot
> and other applications and I want to add application specific passwords
> to increase security.
>
> I found one solution [1], however it requires the password to be
> included in the query which is something I do not want to do, because
> the query may be written in clear-text to log-files. So I'm wondering if
> there is a way to have multiple passwords with dovecot without risking
> passwords being leakied in clear-text to log-files.
There's an old patch to support this, but it was never finished: http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff
I had a newer idea about encoding the passwords into a single field, such as {MULTI}hash1:hash2:hash3 but that doesn't exist either yet.
For now the only possibility would be to create multiple passdbs, each one returning a different password field. That could work if you have only a couple of different passwords.
More information about the dovecot
mailing list