I managed to write an ugly but working checkpassword script for dovecot, having multiple passwords for a user. But now I found this: https://github.com/dweuthen/roundcube-application_passwords
I think this is the better way to go. The crypt passwords are the biggest problem because you need the stored hash to generate the input hash. I know this is safer, but in my opinion SHA2, or whatever is the best available hash in MySQL, should do it as well.
Having application passwords is a bigger security advantage than having stronger hashes in the database.
Correct me if I'm wrong :-)
Best regards, Marco
On 06.10.2014 16:46, Marco Fretz wrote:
Thank you Steffen,
This sounds like a plan. checkpassword looks quite simple to use and I could still use default userdb with dovecot-sql for userhome, quota, etc. I'll give this a try.
Thanks, Marco
On 06.10.2014 13:52, Steffen Kaiser wrote:
On Mon, 6 Oct 2014, Marco Fretz wrote:
corresponding user in the users table - one user has many passwords (1:n). For dovecot this means that it will get multiple rows with passwords back from the "password_query". Is there a way to tell dovecot to check all those returned passwords and "pass" the request if one of those passwords matches?
I think no, but you could craft a PAM module and use the pam passdb or supply a checkpassword script:
-- Steffen Kaiser