prosody-modules
e977174082ee
mod_auth_dovecot/README.md

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_dovecot/README.md @ 6193:e977174082ee

mod_invites_register_api: Use set_password() for password resets Previously the code relied on the (weird) behaviour of create_user(), which would update the password for a user account if it already existed. This has several issues, and we plan to deprecate this behaviour of create_user(). The larger issue is that this route does not trigger the user-password-changed event, which can be a security problem. For example, it did not disconnect existing user sessions (this occurs in mod_c2s in response to the event). Switching to set_password() is the right thing to do
author Matthew Wild <mwild1@gmail.com>
date Thu, 06 Feb 2025 10:24:30 +0000
parent 6003:fe081789f7b5
line wrap: on
line source

---
labels:
- 'Stage-Alpha'
- 'Type-Auth'
summary: Dovecot authentication module
rockspec:
  build:
    modules:
      mod_auth_dovecot: auth_dovecot/mod_auth_dovecot.lua
      mod_auth_dovecot.sasl_dovecot: auth_dovecot/sasl_dovecot.lib.lua
...

Introduction
============

This is a Prosody authentication plugin which uses Dovecot as the
backend.

Configuration
=============

As with all auth modules, there is no need to add this to
modules\_enabled. Simply add in the global section, or for the relevant
hosts:

    authentication = "dovecot"

These options are used by mod\_auth\_dovecot:

  Name                    Description                               Default value
  ----------------------- ----------------------------------------- -------------------------------
  dovecot\_auth\_socket   Path to the Dovecot auth socket           "/var/run/dovecot/auth-login"
  auth\_append\_host      If true, sends the bare JID as authzid.   false

The Dovecot user and group must have access to connect to this socket.
You can create a new dedicated socket for Prosody too. Add the below to
the *socket listen* section of /etc/dovecot/dovecot.conf, and match the
socket path in Prosody's dovecot\_auth\_socket setting.

    service auth {
        unix_listener /var/spool/prosody/private/auth-client {
            mode = 0660
            user = prosody
            group = prosody
        }
    }

Make sure the socket directories exist and are owned by the Prosody
user.

Note: Dovecot uses UNIX sockets by default. luasocket is compiled with
UNIX socket on debian/ubuntu by default, but is not on many other
platforms. If you run into this issue, you would need to either
recompile luasocket with UNIX socket support, or use Dovecot 2.x's TCP
socket support.

TCP socket support for Dovecot 2.x
----------------------------------

Dovecot 2.x includes TCP socket support. These are the relevant
mod\_auth\_dovecot options:

  Name                  Description               Default value
  --------------------- ------------------------- ----------------------------
  dovecot\_auth\_host   Hostname to connect to.   "127.0.0.1"
  dovecot\_auth\_port   Port to connect to.       *(this value is required)*

Compatibility
=============

  ------- -------
  trunk   Works
  0.8     Works
  ------- -------