I'm currently working on a control panel which is using postfix, dovecot and other applications and I want to add application specific passwords to increase security.

I found one solution [1], however it requires the password to be included in the query which is something I do not want to do, because the query may be written in clear-text to log-files. So I'm wondering if there is a way to have multiple passwords with dovecot without risking passwords being leaked in clear-text to log-files.

[1] http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server

Quoting BlackVoid <blackvoid+dovecot at fantas.in>:

> I'm currently working on a control panel which is using postfix, dovecot
> and other applications and I want to add application specific passwords
> to increase security.
>
> I found one solution [1], however it requires the password to be
> included in the query which is something I do not want to do, because
> the query may be written in clear-text to log-files. So I'm wondering if
> there is a way to have multiple passwords with dovecot without risking
> passwords being leaked in clear-text to log-files.
>
> [1] http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server

You can run your query by host (or port - not sure if that variable is available in the query) and make it complex.

For example - (MySQL)

    SELECT IF('%r' != '127.0.0.1', webmail_pass, enc_password) AS password
      FROM user
     WHERE userid = '%u'

http://komlenic.com/254/mysql-nested-if-in-select-queries/

If you're using Dovecot as an auth backend for your control panel, I'd use a custom port only accessible from the web server(s) like 145 for IMAP+Control Panel.

Rick

On 23 Jul 2014, at 18:49, BlackVoid <blackvoid+dovecot at fantas.in> wrote:

> I'm currently working on a control panel which is using postfix, dovecot
> and other applications and I want to add application specific passwords
> to increase security.
>
> I found one solution [1], however it requires the password to be
> included in the query which is something I do not want to do, because
> the query may be written in clear-text to log-files. So I'm wondering if
> there is a way to have multiple passwords with dovecot without risking
> passwords being leaked in clear-text to log-files.

There's an old patch to support this, but it was never finished: http://dovecot.org/patches/2.0/auth-multi-password-2.0.diff

I had a newer idea about encoding the passwords into a single field, such as {MULTI}hash1:hash2:hash3 but that doesn't exist either yet.

For now the only possibility would be to create multiple passdbs, each one returning a different password field. That could work if you have only a couple of different passwords.
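
The multiple-passdb approach from the last reply, as an added configuration sketch that is not part of the thread or of Dovecot's own documentation. The table and columns `user`, `userid`, `enc_password` and `webmail_pass` come from the query posted earlier in the thread; the file paths, the connect string and the hash scheme are assumptions. Each query returns only the stored hash and Dovecot compares it locally, so the password the client sent never appears in the SQL statement or in a query log.

```conf
# --- dovecot.conf (Dovecot 2.x syntax) ---
# passdbs are tried in the order listed; when the first one reports a
# password mismatch, Dovecot goes on to the next one.
passdb {
  driver = sql
  args = /etc/dovecot/sql-main.conf.ext      # assumed path
}
passdb {
  driver = sql
  args = /etc/dovecot/sql-webmail.conf.ext   # assumed path
}

# --- /etc/dovecot/sql-main.conf.ext: the account's main password ---
driver = mysql
# Placeholder connection values; keep this file readable by root only.
connect = host=localhost dbname=mail user=dovecot password=CHANGE_ME
# Assumed scheme; it must match how the control panel hashes passwords.
default_pass_scheme = SHA512-CRYPT
# Only %u (the login name) is substituted into the query.
password_query = SELECT userid AS user, enc_password AS password \
  FROM user WHERE userid = '%u'

# --- /etc/dovecot/sql-webmail.conf.ext: the application password ---
driver = mysql
connect = host=localhost dbname=mail user=dovecot password=CHANGE_ME
default_pass_scheme = SHA512-CRYPT
# The IS NOT NULL test keeps accounts without an application password
# from matching in this passdb at all.
password_query = SELECT userid AS user, webmail_pass AS password \
  FROM user WHERE userid = '%u' AND webmail_pass IS NOT NULL
```

Every additional application password needs another passdb block and another column, which is why the reply describes this as workable only for a couple of passwords.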