application specific passwords

[Kirill Miazine]

* mj [2017-07-20 21:46]:
> Hi Kirill,
> 
> Thanks for your reply. Such a simple flat file approach would be perfect,
> and I don't mind at all to require app specific usernames *and* passwords.

In my case it's flat file, but this is easily doable with SQL as well,
using a separate table for login/password and a key to a table with
appropriate user data.

> However, I am unsure how to combine your recipe below with our regular AD
> userdb/passdb.

Unfortunately, I'm not familiar with AD....

> Perhaps someone can give me some pointers in that direction?
> 
> MJ
> 
> On 07/20/2017 06:50 PM, Kirill Miazine wrote:
> > I'm not familiar with samba AD and with it's features and limitation.
> > For my simple system I'm using plain files for passdb and userdb (aka.
> > passwd-file). Application (or rather device) specific passwords are
> > implementing by using having an additional "username" with a specific
> > password for a particular application or device. E.g. some entries for
> > myself:
> > 
> >      bbmutt:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> >      kmozilla:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> >      sailpad:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> >      workphone:*:10001:10001::/krot/mail/km::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=10240M
> > 
> > The files are generated automatically from a Single Source of Truth.
> > 
> > In my case I'm selecting the username myself, but there's nothing
> > preventing you from generating a username/password combination for your
> > users.
> > 
> > Note that in my setup users will have application specific username and
> > password, not only application specific password. It was easier to
> > implement it quickly this way.
> > 
> > Greetz
> > Kirill
> > 

-- 
    -- Kirill Miazine <km at krot.org>