thr3ads.net - dovecot - External Program for Authentication? [May 2018]

If this information is useful, please help other people find it:
Share via:

Marc Perkel

2018-May-16 19:18 UTC

External Program for Authentication?

Is it possible to run a bash script for authentication where a 0 exit 
code indicates success and a non-zero is failure? What I'm trying to do 
is create a shadow IMAP server that authenticates against a different 
server. That way my server will use the same passwords as an existing 
server.

So what I would need is for dovecot to pass the username and password to 
my script, I attempt to log in remotely and if I succeed I allow access 
on my side. My side will be used to configure black lists and where spam 
is dragged from their side to my side. (I'm a spam filtering company)

Christian Kivalo

2018-May-16 19:50 UTC

head link

External Program for Authentication?

On 2018-05-16 21:18, Marc Perkel wrote:> Is it possible to run a bash script for authentication where a 0 exit
> code indicates success and a non-zero is failure? What I'm trying to
> do is create a shadow IMAP server that authenticates against a
> different server. That way my server will use the same passwords as an
> existing server.
> 
> So what I would need is for dovecot to pass the username and password
> to my script, I attempt to log in remotely and if I succeed I allow
> access on my side. My side will be used to configure black lists and
> where spam is dragged from their side to my side. (I'm a spam
> filtering company)Have you looked at the checkpassword [1] and imap [2] authdatbase 
descriptions in the wiki?

[1] https://wiki2.dovecot.org/AuthDatabase/CheckPassword
[2] https://wiki2.dovecot.org/PasswordDatabase/IMAP

-- 
  Christian Kivalo

Sami Ketola

2018-May-16 21:17 UTC

head link

External Program for Authentication?

> On 16 May 2018, at 22.18, Marc Perkel <marc at perkel.com> wrote:
> 
> Is it possible to run a bash script for authentication where a 0 exit code
indicates success and a non-zero is failure? What I'm trying to do is create
a shadow IMAP server that authenticates against a different server. That way my
server will use the same passwords as an existing server.
> 
> So what I would need is for dovecot to pass the username and password to my
script, I attempt to log in remotely and if I succeed I allow access on my side.
My side will be used to configure black lists and where spam is dragged from
their side to my side. (I'm a spam filtering company)
> 

Lua passdb https://wiki.dovecot.org/AuthDatabase/Lua
<https://wiki.dovecot.org/AuthDatabase/Lua> on dovecot 2.3 can be used or
if you can make your external server act as auth policy server, then you could
use https://wiki.dovecot.org/Authentication/Policy
<https://wiki.dovecot.org/Authentication/Policy> available since dovecot
2.2.25

Sami

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180517/24450509/attachment.html>

Aki Tuomi

2018-May-17 06:13 UTC

head link

External Program for Authentication?

<!doctype html>
<html>
 <head> 
  <meta charset="UTF-8"> 
 </head>
 <body>
  <div>
   <br>
  </div>
  <blockquote type="cite">
   <div>
    On 17 May 2018 at 00:17 Sami Ketola <
    <a
href="mailto:sami.ketola@dovecot.fi">sami.ketola@dovecot.fi</a>>
wrote:
   </div>
   <div>
    <br>
   </div>
   <div>
    <br>
   </div>
   <div>
    <br>
   </div>
   <div>
    <br>
   </div>
   <blockquote type="cite">
    <div>
     On 16 May 2018, at 22.18, Marc Perkel <
     <a
href="mailto:marc@perkel.com">marc@perkel.com</a>> wrote:
    </div>
    <div>
     <br>
    </div>
    <div>
     Is it possible to run a bash script for authentication where a 0 exit code
indicates success and a non-zero is failure? What I'm trying to do is create
a shadow IMAP server that authenticates against a different server. That way my
server will use the same passwords as an existing server.
    </div>
    <div>
     <br>
    </div>
    <div>
     So what I would need is for dovecot to pass the username and password to my
script, I attempt to log in remotely and if I succeed I allow access on my side.
My side will be used to configure black lists and where spam is dragged from
their side to my side. (I'm a spam filtering company)
    </div>
    <div>
     <br>
    </div>
   </blockquote>
   <div>
    <br>
   </div>
   <div>
    Lua passdb 
    <a href="https://wiki.dovecot.org/AuthDatabase/Lua"
rel="noopener"
target="_blank">https://wiki.dovecot.org/AuthDatabase/Lua</a>
<
    <a href="https://wiki.dovecot.org/AuthDatabase/Lua"
rel="noopener"
target="_blank">https://wiki.dovecot.org/AuthDatabase/Lua</a>>
on dovecot 2.3 can be used or if you can make your external server act as auth
policy server, then you could use
    <a href="https://wiki.dovecot.org/Authentication/Policy"
rel="noopener"
target="_blank">https://wiki.dovecot.org/Authentication/Policy</a>
<
    <a href="https://wiki.dovecot.org/Authentication/Policy"
rel="noopener"
target="_blank">https://wiki.dovecot.org/Authentication/Policy</a>>
available since dovecot 2.2.25
   </div>
   <div>
    <br>
   </div>
   <div>
    Sami
   </div>
  </blockquote>
  <div>
   <br>
  </div>
  <div>
   Or you can use passdb imap. https://wiki.dovecot.org/PasswordDatabase/IMAP
  </div>
  <div class="io-ox-signature">
   ---
   <br>Aki Tuomi
  </div> 
 </body>
</html>

Reasonably Related Threads

Search for more seemingly similar threads

dovecot - May 2018 - External Program for Authentication?

External Program for Authentication?

External Program for Authentication?

External Program for Authentication?

External Program for Authentication?

Reasonably Related Threads