Multiple passwords with sql authentication
BlackVoid
blackvoid+dovecot at fantas.in
Mon Jul 28 22:12:37 UTC 2014
On 2014-07-28 16:51, Timo Sirainen wrote:
> On 23 Jul 2014, at 18:49, BlackVoid <blackvoid+dovecot at fantas.in> wrote:
>
>> I'm currently working on a control panel which is using postfix, dovecot
>> and other applications and I want to add application specific passwords
>> to increase security.
>>
>> I found one solution [1], however it requires the password to be
>> included in the query which is something I do not want to do, because
>> the query may be written in clear-text to log-files. So I'm wondering if
>> there is a way to have multiple passwords with dovecot without risking
>> passwords being leakied in clear-text to log-files.
>
> There's an old patch to support this, but it was never finished: http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff
>
> I had a newer idea about encoding the passwords into a single field, such as {MULTI}hash1:hash2:hash3 but that doesn't exist either yet.
>
> For now the only possibility would be to create multiple passdbs, each one returning a different password field. That could work if you have only a couple of different passwords.
>
Well that's unfortunate. Looks like I have to scrap the idea until
either the old patch or your idea is implemented. I don't think having
multiple passdbs is a choice, because the amount of application specific
passwords a user can have is not finite.
Thanks for the help though.
More information about the dovecot
mailing list