application specific passwords
Kirill Miazine
km at krot.org
Thu Jul 20 19:50:41 EEST 2017
Hi, mj
* mj [2017-07-20 13:29]:
> Hi,
>
> Further to the other thread about password guessing activities against our
> dovecot, I would like to implement application specific passwords on our
> dovecot.
[...]
>
> Is there anyone here with some additional notes, ideas, tips, tricks on
> setting up application specific passwords with dovecot with virtual users?
> We are using samba AD as an authentication backend.
I'm not familiar with samba AD and with its features and limitations.
For my simple system I'm using plain files for passdb and userdb (aka.
passwd-file). Application (or rather device) specific passwords are
implemented by having an additional "username" with a specific
password for a particular application or device. E.g. some entries for
myself:
bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
The files are generated automatically from a Single Source of Truth.
In my case I'm selecting the username myself, but there's nothing
preventing you from generating a username/password combination for your
users.
Note that in my setup users will have application specific username and
password, not only application specific password. It was easier to
implement it quickly this way.
Greetz
Kirill
--
-- Kirill Miazine <km at krot.org>
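
The scheme described in this message (one passwd-file login per device, all mapping to the same mailbox, generated from a single source of truth) can be sketched as follows. This is an added example, not part of the original message and not the poster's generator. The account data, paths, function names and the choice of Dovecot's {SSHA512} scheme are assumptions made for illustration.

```python
import base64
import hashlib
import secrets

# Constructed source of truth: one mailbox, one login per device (hypothetical names).
ACCOUNTS = {
    "alice": {"uid": 10001, "gid": 10001, "home": "/srv/mail/alice",
              "devices": ["alice-laptop", "alice-phone"]},
}
EXTRA = "userdb_mail=maildir:~/Maildir"  # 8th passwd-file field, as in the entries above


def ssha512(password, salt=None):
    """Dovecot {SSHA512}: base64(SHA512(password + salt) + salt).
    A fast salted hash is assumed acceptable here only because the
    passwords are random and machine-generated, never user-chosen."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()


def verify_ssha512(password, stored):
    """Recompute the hash using the salt stored after the 64-byte digest."""
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = raw[:64], raw[64:]
    candidate = hashlib.sha512(password.encode() + salt).digest()
    return secrets.compare_digest(candidate, digest)


def build_passwd_file(accounts, known_hashes):
    """Return (passwd-file lines, {login: new cleartext password}).
    Logins already in known_hashes keep their hash; a login removed from
    the source of truth gets no line, which revokes only that device."""
    lines, issued, seen = [], {}, set()
    for acct in accounts.values():
        for login in acct["devices"]:
            if ":" in login or login in seen:
                raise ValueError(f"bad or duplicate login: {login!r}")
            seen.add(login)
            pw_hash = known_hashes.get(login)
            if pw_hash is None:
                issued[login] = secrets.token_urlsafe(24)  # shown to the user once
                pw_hash = ssha512(issued[login])
            lines.append(":".join([login, pw_hash, str(acct["uid"]),
                                   str(acct["gid"]), "", acct["home"], "", EXTRA]))
    return lines, issued
```

Regenerating the file after deleting a device from the source of truth drops that login while every other device keeps its existing credential.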