<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
</div>
<blockquote type="cite">
<div>
On 18/03/2023 00:44 EET David Koski <<a href="mailto:dkoski@sutinen.com">dkoski@sutinen.com</a>> wrote:
</div>
<div>
</div>
<div>
</div>
<div>
Hello,
</div>
<div>
</div>
<div>
I'm looking for a good way to apply a custom hash to passwords. My hope
</div>
<div>
is to add passwords to a (MySQL) database: INSERT INTO users
</div>
<div>
(user='joblo', pass=MYHASH('plain-password')..
</div>
<div>
</div>
<div>
For SASL authentication, my thought first was to apply the same hash to
</div>
<div>
the issued password and compare it with the hashed password in the
</div>
<div>
database. I soon discovered the sql driver supplied by Dovecot doesn't
</div>
<div>
provide that ability, unless I'm missing something.
</div>
<div>
</div>
<div>
I'm looking for documentation on how to implement a custom
</div>
<div>
authentication script if needed.
</div>
<div>
</div>
<div>
Regards,
</div>
<div>
David Koski
</div>
<div>
<a href="mailto:dkoski@sutinen.com">dkoski@sutinen.com</a>
</div>
</blockquote>
<div>
</div>
<div class="default-style">
<span style="font-size: 11pt;">Hi David, see https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/ on how to implement custom authentication.</span>
</div>
<div class="default-style">
</div>
<div class="default-style">
<span style="font-size: 11pt;">For verifying password you could use MYHASH('%w') in your passdb sql lookup. You need to include `'Y' as nopassword` in this case, and this will cause wrong password to become unknown user error.</span>
</div>
<div class="default-style">
</div>
<div class="default-style">
<span style="font-size: 11pt;">Aki</span>
</div>
<div class="default-style">
</div>
</body>
</html>