[Dovecot] checkpassword protocol

Timo Sirainen tss at iki.fi
Mon Apr 8 13:47:36 EEST 2013


On 8.4.2013, at 13.42, Heiko Schlichting <dovecot-l at fu-berlin.de> wrote:

> The checkpassword interface is used in many different ways:
> 
> I found checkpassword the easiest way to implement authentication against
> FreeRADIUS. Using a perl script with
> 
>    $input = IO::Handle->new_from_fd(3, "r");
> 
> and
> 
>    my $output = IO::Handle->new_from_fd(4, "w");
> 
> and skipping the checkpassword-reply binary. This works fine on our server
> for many years now but every time when I read some related questions on the
> list, it seems that a more generic, not so crude interface would be a good
> idea for a future version of dovecot.


For executing scripts/binaries I think checkpassword will stay the only way. Other than that, you could talk to Dovecot-auth via UNIX socket by using dict-proxy protocol with passdb/userdb dict. Although that way you'd need some way to keep your server running and it's not that easy yet to create a new Dovecot service without using libdovecot.



More information about the dovecot mailing list