Multiple passwords for a user (SQL)
Marco Fretz
marco.fretz at gmail.com
Tue Sep 22 06:07:02 UTC 2015
I managed to write a ugly but working checkpassword script for dovecot,
having multiple passwords for a user.
But now I found this:
https://github.com/dweuthen/roundcube-application_passwords
I think this is the better way to go. the crypt passwords are the
biggest problem because you need the stored hash to generate the input
hash. I know this is safer, but in my opinion SHA2 or what ever is best
available hash in mysql something should do it as well.
having application passwords is a bigger security advantage than having
stronger hashes in the database.
correct me if I'm wrong :-)
best regards
Marco
On 06.10.2014 16:46, Marco Fretz wrote:
>
> Thank you Steffen,
>
> This sounds like a plan. checkpassword looks quite simple to use and I
> could still use default userdb with dovecot-sql for userhome, quota, etc.
> I'll give this a try.
>
> thanks
> Marco
>
> Am 06.10.2014 13:52, schrieb Steffen Kaiser:
> > On Mon, 6 Oct 2014, Marco Fretz wrote:
>
> >> corresponding user in the users table - one use has many passwords
> (1:n).
> >> for dovecot this means that it will get multiple rows with passwords
> >> back from the "password_query". is there a way to tell dovecot to check
> >> all those returned passwords and "pass" the request if one of those
> >> passwords match?
>
> > I think no, but you could craft a PAM module and use the pam passdb or
> supply a checkpassword script:
>
> > http://wiki2.dovecot.org/PasswordDatabase
>
> > -- Steffen Kaiser
>
More information about the dovecot
mailing list