Password database - external verification questions

Aki Tuomi aki.tuomi at open-xchange.com
Thu May 16 09:50:46 EEST 2019


On 16.5.2019 4.43, Richard Hector via dovecot wrote:
> On 10/05/19 10:10 AM, Richard Hector via dovecot wrote:
>> Hi all,
>>
>> I'm currently using a PostgreSQL database for my user/password db,
>> directly from dovecot. The trouble with that is that I'm stuck with
>> whatever hash algorithms dovecot supports - which IIRC means (a subset
>> of?) what libc has been compiled with, which can be a bit restrictive.

In 2.3 you can also choose BLF-CRYPT (bcrypt), and if it is compiled in, you
can also use ARGON2. So you are not limited to glibc only.

>> So I'd like to use an external tool, which would also let me integrate
>> other applications (eg web apps).
>>
>> PAM seems to be most suited to sharing accounts with the OS, which isn't
>> what I want.
>>
>> BSDAuth likewise, but I'm not using BSD.
>>
>> CheckPassword looks like a somewhat convoluted protocol, but maybe the
>> best bet?
>>
>> IMAP - well, that's circular :-)
>>
>> OAuth2 looks possible, but seems to be focused on http?
>>
>> Any suggestions? And recommended implementations?
>>
>> How hard is it to add extra methods?

LDAP is most often used by customers. oauth2 requires client-side
support too, although since 2.3.6 you can also use oauth2 with "password
grant". You can use LUA passdb if you really need something exotic,
although then you need to write your own.

Aki

> No tips?
>
> Are my requirements/preferences quite unusual?
>
> Am I asking a silly question?
>
> Am I misunderstanding/exaggerating the limitations of dovecot's/libc's
> algorithms?
>
> Thanks,
> Richard
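
The CheckPassword option raised in the question, as an added example (not part of the thread and not Dovecot's own code): an external verifier reads `user\0password\0` on file descriptor 3, checks the password with a KDF of its own choosing, and on success execs the reply program passed as its first argument. `SAMPLE_DB`, the PBKDF2 parameters and the function names are constructed for illustration; a real deployment would look the record up in the PostgreSQL table.

```python
#!/usr/bin/env python3
import hashlib, hmac, os, sys

ITERATIONS = 100_000  # assumed work factor; tune for your hardware

def kdf(password: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever KDF the external tool prefers.
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

# Constructed sample store (user -> (salt, digest)); replace with a DB lookup.
_SALT = bytes(range(16))
SAMPLE_DB = {b"alice": (_SALT, kdf(b"correct horse", _SALT))}

def parse_credentials(data: bytes):
    """Split the fd 3 payload: user NUL password NUL [timestamp NUL]."""
    fields = data.split(b"\0")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed checkpassword input")
    return fields[0], fields[1]

def verify(user: bytes, password: bytes, db) -> bool:
    record = db.get(user)
    # Unknown users still cost one KDF run, so response time stays similar.
    salt, expected = record if record else (b"\0" * 16, b"")
    candidate = kdf(password, salt)
    return record is not None and hmac.compare_digest(candidate, expected)

def main(argv) -> int:
    if len(argv) < 2:
        return 2                      # misuse: no reply program given
    try:
        with os.fdopen(3, "rb") as fd3:
            user, password = parse_credentials(fd3.read())
    except ValueError:
        return 2                      # malformed input
    except OSError:
        return 111                    # temporary failure
    if not verify(user, password, SAMPLE_DB):
        return 1                      # authentication failed
    os.environ["USER"] = user.decode("utf-8", "replace")
    os.execvp(argv[1], argv[1:])      # success: hand over to the reply program

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Only `USER` is exported here; any further userdb fields the reply program should see would be set in the environment the same way before the exec.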

