Hi all,
I'm a fairly recent convert to Dovecot/Postfix from Sendmail, so please be gentle (and assume I know nothing). :)
I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema for my email. This database is also used for a bigger program I use for all my hosting needs (domains, etc.). Currently, I've set it up to use plain-text authentication while I was developing it and getting things running. Now though it's up and running fine, so I want to increase the strength of my passwords that Postfix/Dovecot use.
I currently have two fields in a table called 'users'; 'usr_password' which is plain-text and what Postfix/Dovecot currently use and 'usr_strong_password', which stores a stronger hash and is used by the main program.
My question is, can I have Postfix/Dovecot use a custom password hashing system?
The way I store my strong password (as used by the web-interface) is;
Take the password provided from the user
Read a stored 'salt' value from the database (unique per user and changed on password [re]sets).
Generate an initial SHA256 hash out of the password+salt.
Re-hash the initial SHA256 hash many thousands of times.
Compare the final hash with the hash stored in 'usr_strong_password'.
If I can tell Dovecot how to do this, where would I do it? Is there a document/howto/etc someone could point me to? Is there a file I should look at?
Thanks all!!
Madi