I did this using SQL database (MySQL) as I wanted to have roundcube webmail with 2FA, but use separate passwords for clients connecting to imap/submission directly. Otherwise, 2FA on only roundcube is a bit pointless if the same credentials can still be used via IMAP without 2FA.
I was inspired by the roundcube ap4rc plugin[1], but it requires a separate username to be created for each device and was kinda awkward to use in practice.
I forked it and added some new username formats: "Format 2" is the email address or same username everywhere.
The key part of it is the Dovecot Auth/SQL dict config:-
https://github.com/listerr/ap4rc/blob/main/README_DOVECOT.md#auth-config-exa...
The example under format 2 first tries the username/pw in a static passwd file for use with roundcube only, then if this fails, try looking it up in sql for the application specific passwords.
In reality I use SQL for both rather than static file, the SQL query is a bit more complicated.
[1] https://github.com/openSUSE/ap4rc
On 2024-07-26 15:57, Aubry via dovecot wrote:
Hi,
From what I understood from the archive and from my tests, we cannot have multiple passwords for a given account. (I get the error: Password query returned multiple matches) But it looks like it can be done via a PAM module. Does anyone succeeded setup multiple password with PAM or any other method with a SQL backend ?
-- Rob Lister rob@lonap.net +44 20 3137 8330