[Dovecot] Custom password encryption scheme, how to do it?

Madison Kelly linux at alteeve.com
Mon Oct 1 20:10:31 EEST 2007


Hi all,

   I'm a fairly recent convert to Dovecot/Postfix from Sendmail, so
please be gentle (and assume I know nothing). :)

   I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema
for my email. This database is also used for a bigger program I use for
all my hosting needs (domains, etc.). Currently, I've set it up to use
plain-text authentication while I was developing it and getting things
running. Now, though, it's up and running fine, so I want to increase the
strength of my passwords that Postfix/Dovecot use.

   I currently have two fields in a table called 'users': 'usr_password',
which is plain-text and what Postfix/Dovecot currently use, and
'usr_strong_password', which stores a stronger hash and is used by the
main program.

   My question is, can I have Postfix/Dovecot use a custom password
hashing system?

   The way I store my strong password (as used by the web-interface) is:

- Take the password provided from the user
- Read a stored 'salt' value from the database (unique per user and
changed on password [re]sets).
- Generate an initial SHA256 hash out of the password+salt.
- Re-hash the initial SHA256 hash many thousands of times.
- Compare the final hash with the hash stored in 'usr_strong_password'.

   If I can tell Dovecot how to do this, where would I do it? Is there a
document/howto/etc someone could point me to? Is there a file I should
look at?

   Thanks all!!

Madi
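
The salted, iterated SHA256 check listed in the message above, written out as an added example; it is not code from the original post or from Dovecot. Assumptions: the round count, UTF-8 encoding, password-then-salt concatenation, re-hashing the raw digest bytes each round, and the column name `usr_salt` (hypothetical; only `usr_strong_password` is named in the post).

```python
import hashlib
import hmac
import secrets

ROUNDS = 10_000  # assumed; the post only says "many thousands of times"


def strong_hash(password: str, salt: str, rounds: int = ROUNDS) -> str:
    """Initial SHA256 over password+salt, then re-hash the digest `rounds` times."""
    digest = hashlib.sha256((password + salt).encode("utf-8")).digest()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def set_password(password: str) -> dict:
    """Password [re]set: draw a fresh per-user salt, store salt and final hash."""
    salt = secrets.token_hex(16)  # 128 random bits, hex-encoded
    return {"usr_salt": salt,
            "usr_strong_password": strong_hash(password, salt)}


def verify(password: str, row: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = strong_hash(password, row["usr_salt"])
    return hmac.compare_digest(candidate, row["usr_strong_password"])


if __name__ == "__main__":
    # Constructed sample rows standing in for the 'users' table.
    alice = set_password("correct horse")
    bob = set_password("correct horse")
    print("alice ok:      ", verify("correct horse", alice))
    print("wrong password:", verify("wrong horse", alice))
    # Same password, different salts: the stored hashes must differ.
    print("hashes differ: ",
          alice["usr_strong_password"] != bob["usr_strong_password"])
```

Whatever component performs the login check has to reproduce the round count, encoding and concatenation order of the web interface exactly, or every comparison fails.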


