On 18/03/2023 00:44 EET David Koski <dkoski@sutinen.com> wrote:

Hello,

I'm looking for a good way to apply a custom hash to passwords. My hope

is to add passwords to a (MySQL) database: INSERT INTO users

(user='joblo', pass=MYHASH('plain-password')..

For SASL authentication, my thought first was to apply the same hash to

the issued password and compare it with the hashed password in the

database. I soon discovered the sql driver supplied by Dovecot doesn't

provide that ability, unless I'm missing something.

I'm looking for documentation on how to implement a custom

authentication script if needed.

Regards,

David Koski

dkoski@sutinen.com

Hi David, see https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/ on how to implement custom authentication.

For verifying password you could use MYHASH('%w') in your passdb sql lookup. You need to include `'Y' as nopassword` in this case, and this will cause wrong password to become unknown user error.

Aki