Hi guys, we're using Dovecot/Postfix here for our mail system. I'd like to switch the `passdb` authentication on Dovecot from PAM over to a custom implementation. We'd prefer to have some sort of script check the password with an external IAM provider via HTTP. Is there any way we can accomplish this? The idea is to have Dovecot somehow call a script or send a username/password to some service, which checks the username/password against the identity provider and returns a "yes/no" back to Dovecot. `checkpassword` seems like it may work but I see no documentation on its API. Matthew R, AD, FSEN, FSO, FSCR Chief Director of Engineering & Chairman of the Board of Directors Library of Code sp-us matthew at staff.libraryofcode.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20220228/f3d509ef/attachment-0001.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5020 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20220228/f3d509ef/attachment-0001.bin>
> On 01/03/2022 03:54 Matthew R <matthew at staff.libraryofcode.org> wrote: > > > Hi guys, we're using Dovecot/Postfix here for our mail system. I'd like to switch the `passdb` authentication on Dovecot from PAM over to a custom implementation. We'd prefer to have some sort of script check the password with an external IAM provider via HTTP. Is there any way we can accomplish this? > The idea is to have Dovecot somehow call a script or send a username/password to some service, which checks the username/password against the identity provider and returns a ?yes/no? back to Dovecot. > > `checkpassword` seems like it may work but I see no documentation on its API. > > > Matthew R, AD, FSEN, FSO, FSCR > Chief Director of Engineering & Chairman of the Board of Directors > Library of Code sp-us > matthew at staff.libraryofcode.orgHi! Your best choice is to use a Lua script, see https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/ Aki