Thomas Johnson
2014-May-07 03:30 UTC
[Dovecot] Can Auth dict proxy protocol be used to validate a password?
I'm interested in using authentication via a UNIX socket as documented at http://wiki2.dovecot.org/AuthDatabase/Dict. (We are currently using a checkpassword script to enable us to authenticate against a django app that stores passwords in pbkdf2 format, but I'm concerned about scalability as we grow - specifically the comment about performance on http://wiki2.dovecot.org/AuthDatabase/CheckPassword). The example clearly shows retrieving a password, but is there some way to validate a password that was provided the way a checkpassword script does? Otherwise, for performance reasons, perhaps we should implement a new password scheme directly for dovecot? Thanks- Tom
Timo Sirainen
2014-May-07 07:51 UTC
[Dovecot] Can Auth dict proxy protocol be used to validate a password?
On 7.5.2014, at 6.30, Thomas Johnson <tj at terramar.net> wrote:> I'm interested in using authentication via a UNIX socket as documented at http://wiki2.dovecot.org/AuthDatabase/Dict. > > (We are currently using a checkpassword script to enable us to authenticate against a django app that stores passwords in pbkdf2 format, but I'm concerned about scalability as we grow - specifically the comment about performance on http://wiki2.dovecot.org/AuthDatabase/CheckPassword). > > The example clearly shows retrieving a password, but is there some way to validate a password that was provided the way a checkpassword script does?You can make it work the same as with e.g. SQL. Don't return a password and return nopassword=y and return success only if the authentication succeeded.