Is it possible to use per user keys with mail-crypt-plugin when using passwd-file backend?
I've been reading quite a bit of discussions, the manual and a few often linked posts about mail-crypt-plugin, but most of them seem to assume a sql db backing. But if you are using a passwd file userdb, is it possible to make the per-user-key mode of the mail-crypt-plugin work?
I like the trick of passing in the key via an extra calculated/virtual column in the query (even allows for hashing the password for example). But I cannot see how this can work with the passwd backing?
Any pointers would be appreciated.
Kind regards, Davy
(Why so focussed on passwd files? I'm using the docker-mailserver setup that takes care of a lot of messy setup, so I rather not redo that just so that I can switch to a db for storing the user details of maybe 2 to 3 users)
On 20/03/2021 22:43 Davy Landman davy.landman@gmail.com wrote:
I've been reading quite a bit of discussions, the manual and a few often linked posts about mail-crypt-plugin, but most of them seem to assume a sql db backing. But if you are using a passwd file userdb, is it possible to make the per-user-key mode of the mail-crypt-plugin work?
I like the trick of passing in the key via an extra calculated/virtual column in the query (even allows for hashing the password for example). But I cannot see how this can work with the passwd backing?
Any pointers would be appreciated.
Kind regards, Davy
passdb { driver = passwd-file args = ... override_fields = userdb_mail_crypt_private_password=%{sha256:password} }
might work
Aki
Thanks for your idea, indeed, this is the trick.
I added override_fields = userdb_mail_crypt_private_password=%w userdb_mail_crypt_save_version=2 to the passdb config and it works
On Sat, Mar 20, 2021 at 10:43 PM Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 20/03/2021 22:43 Davy Landman davy.landman@gmail.com wrote:
I've been reading quite a bit of discussions, the manual and a few often linked posts about mail-crypt-plugin, but most of them seem to assume a sql db backing. But if you are using a passwd file userdb, is it possible to make the per-user-key mode of the mail-crypt-plugin work?
I like the trick of passing in the key via an extra calculated/virtual
column in the query (even allows for hashing the password for example). But I cannot see how this can work with the passwd backing? > > Any pointers would be appreciated. > > Kind regards, > Davy > > >
passdb { driver = passwd-file args = ... override_fields = userdb_mail_crypt_private_password=%{sha256:password} }
might work
Aki
participants (2)
-
Aki Tuomi
-
Davy Landman