Password expiration: how to trigger it?

Adi Pircalabu adi at ddns.com.au
Fri Dec 21 01:13:30 EET 2018


On 2018-12-21 05:56, Cédric Jeanneret wrote:
> Dear Dovecot Team,
> 
> I'm in the (long) process of migrating my whole email infrastructure.
> Of course, dovecot is in the place, and is working just fine.
> 
> Still, I have an issue: password expiration.
> 
> I'm now using FreeIPA backend for the user authentication, and it
> includes the capacity to expire passwords. Basically, it's an LDAP with
> fancy things, among them a field named krbPasswordExpiration (yes,
> that's kerberos).
> 
> In order to make things simple, I'd rather NOT force my users to set up
> a kerberos/gssapi/whatever on their personal computer (most of them
> will just have a blank gaze if I start talking about that).
> 
> Is there a way to make Dovecot use that field? It's apparently a simple
> date in %Y%M%D%H%m%sZ format, so a pretty neat thing to test. If
> there's some support for that in Dovecot, that is.

One option would be the post login script, see:
https://wiki.dovecot.org/PostLoginScripting

Can also hook a password expiry check in dovecot-lda to send periodic 
reminders, although that's a bit unorthodox.

-- 
Adi Pircalabu
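
The post-login approach suggested above, as an added example that is not part of the original post or Dovecot's own code: a script that refuses the session once the expiry timestamp has passed. It assumes the LDAP userdb maps krbPasswordExpiration to a hypothetical extra field pw_expiry (reaching the script as PW_EXPIRY), that the value is UTC in YYYYMMDDHHMMSSZ form, and that the service is IMAP.

```shell
#!/bin/sh
# Added example: Dovecot post-login script enforcing krbPasswordExpiration.
# Assumption: the LDAP userdb maps the attribute to an extra field, e.g.
#   user_attrs = ...,krbPasswordExpiration=pw_expiry
# which the post-login service exports to this script as $PW_EXPIRY.

# pw_status EXPIRY NOW -> prints unset | malformed | expired | valid
# Both values are UTC timestamps of the form YYYYMMDDHHMMSSZ.
pw_status() {
    expiry=$1 now=$2
    [ -n "$expiry" ] || { echo unset; return 0; }
    # Require exactly 14 digits plus "Z"; anything else is rejected.
    if ! expr "X$expiry" : 'X[0-9]\{14\}Z$' >/dev/null; then
        echo malformed; return 0
    fi
    # Fixed-width UTC timestamps compare correctly as plain integers.
    if [ "${expiry%Z}" -le "${now%Z}" ]; then
        echo expired
    else
        echo valid
    fi
}

main() {
    now=$(date -u +%Y%m%d%H%M%SZ)
    case $(pw_status "${PW_EXPIRY:-}" "$now") in
        valid|unset)
            exec "$@" ;;   # hand the session back to Dovecot
        *)
            # Fail closed: not exec'ing "$@" ends the session.
            printf '* NO [ALERT] Password expired or expiry unreadable\r\n'
            exit 0 ;;
    esac
}

# Dovecot invokes the script with the command to continue with as arguments.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Treating an unset value as "no expiry" is a policy choice made for this example; switch the `unset` branch to the refusal path if every account is expected to carry the attribute.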

