> On 01/03/2022 03:54 Matthew R <[email protected]> wrote: > > > Hi guys, we're using Dovecot/Postfix here for our mail system. I'd like to > switch the `passdb` authentication on Dovecot from PAM over to a custom > implementation. We'd prefer to have some sort of script check the password > with an external IAM provider via HTTP. Is there any way we can accomplish > this? > The idea is to have Dovecot somehow call a script or send a username/password > to some service, which checks the username/password against the identity > provider and returns a “yes/no” back to Dovecot. > > `checkpassword` seems like it may work but I see no documentation on its API. > > > Matthew R, AD, FSEN, FSO, FSCR > Chief Director of Engineering & Chairman of the Board of Directors > Library of Code sp-us > [email protected]
Hi! Your best choice is to use a Lua script, see https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/ Aki
