I’m currently working on the implementation of application specific passwords 
for my mail server (like Googles: 
My main authentication/user source is LDAP, but I don’t want my users to set 
their LDAP passwords on their devices for accessing Cal/CardDAV.

Therefore I created an SQL authentication source which allows to add more than 
one password per account.
Since you can’t write your own password query like in Dovecot, I built a view 
over it and tried several ways without success:
1. Return multiple entries with the same c_uid and a different c_name 
(PK@c_uid), each with a different c_password (because of „c_name: will be used 
to uniquely identify entries“ in documentation)
    => only the first c_uid matching result works
2. Return multiple entries with different c_uid and the same c_name, each with 
a different c_passwords
    => creates multiple accounts and needs PK@c_name as login user
3. Return a single entry with multiple, space delimited c_password
    => doesn’t work at all

Does someone know a working configuration? As a last resort I thought of the 
following workaround:
Create multiple views (5 - 10), each returning only one entry per c_uid with 
different passwords, configure the same amount of AuthSources in sogo.conf. But 
that isn’t really beautiful, as it restricts the amount of app specific 
passwords and I think the performance would lack because of the 10 additional 
queries per login attempt.

I already had a look into SQLSource.m 
 but I think I need to dig deeper to find out if it’s possible to process more 
than one result row (and more than one password, therefore). Relevant part 
starting around L#270.


Reply via email to