On 8.4.2013, at 13.42, Heiko Schlichting dovecot-l@fu-berlin.de wrote:
The checkpassword interface is used in many different ways:
I found checkpassword the easiest way to implement authentication against FreeRADIUS. Using a perl script with
$input = IO::Handle->new_from_fd(3, "r");
and
my $output = IO::Handle->new_from_fd(4, "w");
and skipping the checkpassword-reply binary. This works fine on our server for many years now but every time when I read some related questions on the list, it seems that a more generic, not so crude interface would be a good idea for a future version of dovecot.
For executing scripts/binaries I think checkpassword will stay the only way. Other than that, you could talk to Dovecot-auth via UNIX socket by using dict-proxy protocol with passdb/userdb dict. Although that way you'd need some way to keep your server running and it's not that easy yet to create a new Dovecot service without using libdovecot.