On 18/03/2023 00:44 EET David Koski <dko...@sutinen.com> wrote:Hello,I'm looking for a good way to apply a custom hash to passwords. My hopeis to add passwords to a (MySQL) database: INSERT INTO users(user='joblo', pass=MYHASH('plain-password')..For SASL authentication, my thought first was to apply the same hash tothe issued password and compare it with the hashed password in thedatabase. I soon discovered the sql driver supplied by Dovecot doesn'tprovide that ability, unless I'm missing something.I'm looking for documentation on how to implement a customauthentication script if needed.Regards,David Koski
Hi David, see https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/ on how to implement custom authentication.
For verifying password you could use MYHASH('%w') in your passdb sql lookup. You need to include `'Y' as nopassword` in this case, and this will cause wrong password to become unknown user error.
Aki