[Dovecot] passwd-file maintenance by users, other options

Mike Brown mike at skew.org
Sat Apr 3 02:31:16 EEST 2004


I am using Dovecot to provide IMAP and IMAP+SSL service for my users, but am
still using QPopper for POP3 service, wrapped with stunnel for POP3+SSL.

I am hesitant to get rid of QPopper because it supports APOP, which encrypts
authentication data (both where it is stored, and when it is transmitted), and
because APOP passwords can be managed by the users themselves, via the popauth
tool that they can run from their shell accounts.

I'd like very much to use Dovecot for POP3, but would need to have it be
comparable to APOP, where authentication does not involve having user
passwords going across the wire in the clear, and especially I need for users
to be able to maintain their passwords themselves, preferably with their
status as a current user of the system being established without my
intervention; I don't want to have to manually keep things in sync with
/etc/passwd. Furthermore, it needs to have no conflicts with popular email
clients including Mozilla, Outlook, Outlook Express, and Eudora, so unusual
authentication mechanisms are not really an option.

I've RTFM at http://www.dovecot.org/doc/auth.txt but I don't know how to
establish a separate passwd file that would satisfy the requirement that users
be able to maintain their passwords themselves. And PAM is a complete mystery
to me.

So what do you all do? Is there a tutorial somewhere that would help?

Thanks,

M.



More information about the dovecot mailing list