I did this using SQL database (MySQL) as I wanted to have roundcube
webmail
with 2FA, but use separate passwords for clients connecting to
imap/submission
directly. Otherwise, 2FA on only roundcube is a bit pointless if the
same
credentials can still be used via IMAP without 2FA.
I was inspired by the roundcube ap4rc plugin[1], but it requires a
separate
username to be created for each device and was kinda awkward to use in
practice.
I forked it and added some new username formats: "Format 2" is the email
address or same username everywhere.
The key part of it is the Dovecot Auth/SQL dict config:-
https://github.com/listerr/ap4rc/blob/main/README_DOVECOT.md#auth-config-example
The example under format 2 first tries the username/pw in a static
passwd
file for use with roundcube only, then if this fails, try looking it up
in sql for the application specific passwords.
In reality I use SQL for both rather than static file, the SQL query is
a bit
more complicated.
[1] https://github.com/openSUSE/ap4rc
On 2024-07-26 15:57, Aubry via dovecot wrote:
Hi,
From what I understood from the archive and from my tests, we cannot
have multiple passwords for a given account. (I get the error: Password
query returned multiple matches)
But it looks like it can be done via a PAM module.
Does anyone succeeded setup multiple password with PAM or any other
method with a SQL backend ?
--
Rob Lister
r...@lonap.net
+44 20 3137 8330
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
