Multiple passwords with sql authentication

Timo Sirainen tss at iki.fi
Mon Jul 28 14:51:27 UTC 2014


On 23 Jul 2014, at 18:49, BlackVoid <blackvoid+dovecot at fantas.in> wrote:

> I'm currently working on a control panel which is using postfix, dovecot
> and other applications and I want to add application specific passwords
> to increase security.
> 
> I found one solution [1], however it requires the password to be
> included in the query which is something I do not want to do, because
> the query may be written in clear-text to log-files. So I'm wondering if
> there is a way to have multiple passwords with dovecot without risking
> passwords being leakied in clear-text to log-files.

There's an old patch to support this, but it was never finished: http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff

I had a newer idea about encoding the passwords into a single field, such as {MULTI}hash1:hash2:hash3 but that doesn't exist either yet.

For now the only possibility would be to create multiple passdbs, each one returning a different password field. That could work if you have only a couple of different passwords.



More information about the dovecot mailing list