Hi, mj
- mj [2017-07-20 13:29]:
> Hi,
> Further to the other thread about password guessing activities against our dovecot, I would like to implement application specific passwords on our dovecot. [...]
> Is there anyone here with some additional notes, ideas, tips, tricks on setting up application specific passwords with dovecot with virtual users? We are using samba AD as an authentication backend.
I'm not familiar with samba AD and with its features and limitations. For my simple system I'm using plain files for passdb and userdb (aka. passwd-file). Application (or rather device) specific passwords are implemented by having an additional "username" with a specific password for a particular application or device. E.g. some entries for myself:
bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
The files are generated automatically from a Single Source of Truth.
In my case I'm selecting the username myself, but there's nothing preventing you from generating a username/password combination for your users.
Note that in my setup users will have application specific username and password, not only application specific password. It was easier to implement it quickly this way.
Greetz Kirill
--
Kirill Miazine km@krot.org
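
Added example, not part of Kirill's message and not his generator: one way to produce passwd-file lines like those above from a single source of truth, issuing a random password per device login and refusing login names that would collide or break the colon-separated format. The ACCOUNTS layout and the function names are hypothetical, and the SSHA512 scheme is an assumption chosen because it needs only the standard library and the passwords are long random strings.

```python
import base64
import hashlib
import re
import secrets

# Login names become the first passwd-file field: no ':' and no whitespace.
SAFE_LOGIN = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")

# Constructed source of truth (hypothetical layout); values mirror the post.
ACCOUNTS = [{
    "uid": 10001, "gid": 10001, "home": "/krot/mail/km",
    "mail": "maildir:~/Maildir", "quota_rule": "*:bytes=10240M",
    "logins": ["bbmutt", "kmozilla", "sailpad", "workphone"],
}]

def ssha512(password, salt=None):
    """Dovecot SSHA512 value: base64(SHA512(password + salt) + salt)."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()

def verify_ssha512(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = raw[:64], raw[64:]
    candidate = hashlib.sha512(password.encode() + salt).digest()
    return secrets.compare_digest(candidate, digest)

def build_passwd_file(accounts):
    """Return (passwd-file lines, {login: password to hand to the user once})."""
    lines, issued = [], {}
    for acct in accounts:
        extra = f"userdb_mail={acct['mail']} userdb_quota_rule={acct['quota_rule']}"
        if any(c in acct["home"] + extra for c in "\r\n") or ":" in acct["home"]:
            raise ValueError("field would break the passwd-file line format")
        for login in acct["logins"]:
            if not SAFE_LOGIN.fullmatch(login):
                raise ValueError(f"unsafe login name: {login!r}")
            if login in issued:  # logins are global, so they must be unique
                raise ValueError(f"duplicate login name: {login!r}")
            issued[login] = secrets.token_urlsafe(24)  # 24 random bytes
            lines.append(":".join([
                login, ssha512(issued[login]), str(acct["uid"]),
                str(acct["gid"]), "", acct["home"], "", extra]))
    return lines, issued

if __name__ == "__main__":
    passwd_lines, passwords = build_passwd_file(ACCOUNTS)
    print("\n".join(passwd_lines))
```

Revoking one device then means deleting its login from the source of truth and regenerating the file; the other devices keep working.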