Custom password encryption scheme, how to do it?

From: Madison Kelly (no email)
Date: Mon Oct 01 2007 - 12:40:17 EDT

    Hi all,

       I'm a fairly recent convert to Postfix from Sendmail, so please be
    gentle (and assume I know nothing). :)

       I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema
    for my email. This database is also used for a bigger program I use for
    all my hosting needs (domains, etc.). Currently, I've set it up to use
    plain-text authentication while I was developing it and getting things
    running. Now though it's up and running fine, so I want to increase the
    strength of my passwords that Postfix/Dovecot use.

       I currently have two fields in a table called 'users': 'usr_password'
    which is plain-text and what Postfix/Dovecot currently use and
    'usr_strong_password', which stores a stronger hash and is used by the
    main program.

       My question is, can I have Postfix/Dovecot use a custom password
    hashing system?

       The way I store my strong password (as used by the web-interface) is:

    - Take the password provided from the user
    - Read a stored 'salt' value from the database (unique per user and
    changed on password [re]sets).
    - Generate an initial SHA256 hash out of the password+salt.
    - Re-hash the initial SHA256 hash many thousands of times.
    - Compare the final hash with the hash stored in 'usr_strong_password'.

       If I can tell Postfix/Dovecot how to do this, where would I do it? Is
    there a document/howto/etc someone could point me to? Is there a file I
    should look at?

       Thanks all!!

    Madi
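
Added example, not part of the original message and not Postfix or Dovecot code: the five steps listed in the message, written out in Python. The text encoding, the round count, re-hashing the raw digest each round, and the `usr_salt` column name are assumptions, since the message does not specify them.

```python
import hashlib
import hmac
import secrets

# Assumptions (not stated in the message): UTF-8 text, hex-encoded salt and
# hash, each round re-hashes the previous raw digest, 10,000 rounds.
ROUNDS = 10_000


def strong_hash(password: str, salt: str, rounds: int = ROUNDS) -> str:
    """SHA-256 of password+salt, then re-hashed `rounds` more times."""
    digest = hashlib.sha256((password + salt).encode("utf-8")).digest()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def set_password(password: str) -> dict:
    """Values to store on a password [re]set: fresh salt plus the new hash."""
    salt = secrets.token_hex(16)  # new random per-user salt on every [re]set
    # 'usr_salt' is a hypothetical column name; only 'usr_strong_password'
    # is named in the message.
    return {"usr_salt": salt, "usr_strong_password": strong_hash(password, salt)}


def verify(password: str, row: dict) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    candidate = strong_hash(password, row["usr_salt"])
    return hmac.compare_digest(candidate, row["usr_strong_password"])


if __name__ == "__main__":
    row = set_password("correct horse")  # constructed sample password
    print(verify("correct horse", row), verify("wrong guess", row))
```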

