Password database - external verification questions
Richard Hector
richard at walnut.gen.nz
Thu May 16 04:43:23 EEST 2019
On 10/05/19 10:10 AM, Richard Hector via dovecot wrote:
> Hi all,
>
> I'm currently using a PostgreSQL database for my user/password db,
> directly from dovecot. The trouble with that is that I'm stuck with
> whatever hash algorithms dovecot supports - which IIRC means (a subset
> of?) what libc has been compiled with, which can be a bit restrictive.
>
> So I'd like to use an external tool, which would also let me integrate
> other applications (eg web apps).
>
> PAM seems to be most suited to sharing accounts with the OS, which isn't
> what I want.
>
> BSDAuth likewise, but I'm not using BSD.
>
> CheckPassword looks like a somewhat convoluted protocol, but maybe the
> best bet?
>
> IMAP - well, that's circular :-)
>
> OAuth2 looks possible, but seems to be focused on http?
>
> Any suggestions? And recommended implementations?
>
> How hard is it to add extra methods?
No tips?
Are my requirements/preferences quite unusual?
Am I asking a silly question?
Am I misunderstanding/exaggerating the limitations of dovecot's/libc's
algorithms?
Thanks,
Richard
More information about the dovecot
mailing list