Loading ...
Sorry, an error occurred while loading the content.
 

Custom password encryption scheme, how to do it?

Expand Messages
  • Madison Kelly
    Hi all, I m a fairly recent convert to Postfix from Sendmail, so please be gentle (and assume I know nothing). :) I ve got a Postfix/Dovecot/PostgreSQL setup
    Message 1 of 4 , Oct 1, 2007
      Hi all,

      I'm a fairly recent convert to Postfix from Sendmail, so please be
      gentle (and assume I know nothing). :)

      I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema
      for my email. This database is also used for a bigger program I use for
      all my hosting needs (domains, etc.). Currently, I've set it up to use
      plain-text authentication while I was developing it and getting things
      running. Now though it's up and running fine, so I want to increase the
      strength of my passwords that Postfix/Dovecot use.

      I currently have two fields in a table called 'users'; 'usr_password'
      which is plain-text and what Postfix/Dovecot currently use and
      'usr_strong_password', which stores a stronger hash and is used by the
      main program.

      My question is, can I have Postfix/Dovecot use a custom password
      hashing system?

      The way I store my strong password (as used by the web-interface) is;

      - Take the password provided from the user
      - Read a stored 'salt' value from the database (unique per user and
      changed on password [re]sets).
      - Generate an initial SHA256 hash out of the password+salt.
      - Re-hash the initial SHA256 hash many thousands of times.
      - Compare the final hash with the hash stored in 'usr_strong_password'.

      If I can tell Postfix/Dovecot how to do this, where would I do it? Is
      there a document/howto/etc someone could point me to? Is there a file I
      should look at?

      Thanks all!!

      Madi
    • Victor Duchovni
      ... If you use Postfix with Dovecot auth, Postfix delegates all password checks to Dovecot, so if Dovecot can do what you want, you are done. Ask your question
      Message 2 of 4 , Oct 1, 2007
        On Mon, Oct 01, 2007 at 12:40:17PM -0400, Madison Kelly wrote:

        > My question is, can I have Postfix/Dovecot use a custom password
        > hashing system?

        If you use Postfix with Dovecot auth, Postfix delegates all password
        checks to Dovecot, so if Dovecot can do what you want, you are done.

        Ask your question on the Dovecot list.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • Madison Kelly
        ... Will do, that s and sorry for the line noise. :) Madi
        Message 3 of 4 , Oct 1, 2007
          Victor Duchovni wrote:
          > On Mon, Oct 01, 2007 at 12:40:17PM -0400, Madison Kelly wrote:
          >
          >> My question is, can I have Postfix/Dovecot use a custom password
          >> hashing system?
          >
          > If you use Postfix with Dovecot auth, Postfix delegates all password
          > checks to Dovecot, so if Dovecot can do what you want, you are done.
          >
          > Ask your question on the Dovecot list.

          Will do, that's and sorry for the line noise. :)

          Madi
        • mouss
          ... http://wiki.dovecot.org/Authentication/PasswordSchemes http://wiki.dovecot.org/PasswordDatabase/CheckPassword
          Message 4 of 4 , Oct 1, 2007
            Madison Kelly wrote:
            > Victor Duchovni wrote:
            >> On Mon, Oct 01, 2007 at 12:40:17PM -0400, Madison Kelly wrote:
            >>
            >>> My question is, can I have Postfix/Dovecot use a custom password
            >>> hashing system?
            >>
            >> If you use Postfix with Dovecot auth, Postfix delegates all password
            >> checks to Dovecot, so if Dovecot can do what you want, you are done.
            >>
            >> Ask your question on the Dovecot list.
            >
            > Will do, that's and sorry for the line noise. :)
            >


            http://wiki.dovecot.org/Authentication/PasswordSchemes
            http://wiki.dovecot.org/PasswordDatabase/CheckPassword
          Your message has been successfully submitted and would be delivered to recipients shortly.