Single account, multiple passwords

Question

In dovecot, I need to create an email account with 15 different passwords.

Is this possible without SQL?

If I do that with SQL, can I do it only for this single account? Probably use second auth section?

Answer 1

This is unfortunately not possible without SQL

However, if you want to use SQL, here is a start:

CREATE TABLE dovecot_passwords (
  username VARCHAR(255) NOT NULL,
  password VARCHAR(255) NOT NULL,
  primary key(username, password)
);

INSERT INTO dovecot_passwords (username, password) VALUES
  ('user@domain', 'password1'),
  ('user@domain', 'password2'),
  ('user@domain', 'password3'),
  ...
  ('user@domain', 'password15');

Then this config:

auth {
  ...
  # First authentication section for system users
  auth_mechanisms = plain login
  passdb {
    driver = pam
  }
  userdb {
    driver = passwd
  }
  
  # Second authentication section for the single account with 15 passwords
  auth_mechanisms = plain login
  passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
    # Add the following line to specify the table and username/password fields
    # for the second authentication section
    user_query = SELECT username AS user, password FROM dovecot_passwords WHERE username = '%u'
  }
  userdb {
    driver = static
    args = uid=vmail gid=vmail home=/var/vmail/%d/%n
  }
}

Answer 2

Yes, it is possible to create an e-mail account with 15 passwords without SQL. There is a plethora of back-ends available for Dovecot to check passwords against. They are described in the Dovecot documentation: https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#lookup-database. Depending on your needs, it could be a Passwd-file, an external database (e.g. via SQL or LDAP), or the result of some script (via CheckPassword or LUA).

Without any further details on how you manage your users, I cannot give more specific configuration suggestions.