Custom Authentication Method

Kees van Vloten keesvanvloten at gmail.com
Tue Mar 1 10:36:38 UTC 2022


On 01-03-2022 07:15, Aki Tuomi wrote:
>> On 01/03/2022 03:54 Matthew R <matthew at staff.libraryofcode.org> wrote:
>>
>>
>> Hi guys, we're using Dovecot/Postfix here for our mail system. I'd like to switch the `passdb` authentication on Dovecot from PAM over to a custom implementation. We'd prefer to have some sort of script check the password with an external IAM provider via HTTP. Is there any way we can accomplish this?
>> The idea is to have Dovecot somehow call a script or send a username/password to some service, which checks the username/password against the identity provider and returns a “yes/no” back to Dovecot.
>>
>> `checkpassword` seems like it may work but I see no documentation on its API.
>>
>>
>> Matthew R, AD, FSEN, FSO, FSCR
>> Chief Director of Engineering & Chairman of the Board of Directors
>> Library of Code sp-us
>> matthew at staff.libraryofcode.org
> Hi!
>
> Your best choice is to use a Lua script, see https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/
>
> Aki

Another option would be to use the pam interface in Dovecot, to 
configure pam_script or pam_python and implement your authentication 
code in bash or python.

- Kees
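
An added sketch of the pam_script route suggested above; it is not part of the original message and not code from any poster or from Dovecot. It shows an auth hook that asks an HTTP identity provider and denies on anything other than an explicit yes. The endpoint `IAM_URL`, the JSON request and the `authenticated` reply field are assumptions, as are the helper names `http_post` and `check`.

```python
#!/usr/bin/env python3
"""pam_script auth hook sketch: ask an HTTP identity provider, fail closed."""
import json
import os
import sys
import urllib.request

IAM_URL = "https://iam.example.invalid/v1/verify"  # hypothetical endpoint
PAM_SUCCESS, PAM_AUTH_ERR = 0, 1  # pam_script: exit 0 allows, non-zero denies


def http_post(url, payload, timeout=5):
    """POST JSON over HTTPS (urllib verifies the server certificate by default)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()


def check(user, password, post=http_post):
    """Return an exit code; anything but an explicit 'yes' is a denial."""
    if not user or not password or "\0" in user + password:
        return PAM_AUTH_ERR          # never forward empty or malformed input
    try:
        status, body = post(IAM_URL, {"username": user, "password": password})
        reply = json.loads(body)
    except (OSError, ValueError):    # timeout, TLS/HTTP error, invalid JSON
        return PAM_AUTH_ERR          # provider unreachable: deny, do not allow
    if status == 200 and isinstance(reply, dict) \
            and reply.get("authenticated") is True:
        return PAM_SUCCESS
    return PAM_AUTH_ERR


if __name__ == "__main__":
    # pam_script exports the login name and password in these variables.
    sys.exit(check(os.environ.get("PAM_USER", ""),
                   os.environ.get("PAM_AUTHTOK", "")))
```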


