#Email #Sysadmin #Hivemind, brainstorm with me the best way to achieve per-client passwords with #saslauthd!

The ultimate goal is to replicate Fastmail’s per-app IMAP and SMTP passwords, where the same login user can successfully authenticate with a list of passwords that I’ll manage externally.

I’m already using saslauthd in ldap mode, but LDAP tends to hold as fundamental that a user has only one password. saslauthd also has pam mode, but PAM (and especially the PAM MySQL and Postgres modules) also barf if your database query returns more than one row. getpwent and kerberos modes I can’t see being much use.

What about the rimap mode? Do I want to write a dummy IMAP server that backs onto a database for auth? Yuck, but all the other options seem yucker.

Maloney clause: I’ve done a lot of reading of specs and source already, so you’re unlikely to help if you’re just going to do a web search. Paste chatbot slop at me to get blocked.