Multipass lets you use application-specific passwords on your own machine.
It has two primary parts:
multipass, the user component. You (or your users) use this to manage their app-specific passwords.
mp-checkpassword, the authentication component.
This is a Dovecot checkpassword–compatible
authentication service which reads users’ ~/.multipass files.
It is as yet unfinished, but is somewhat usable in its current state.
First, download and install multipass:
go get pfish.zone/go/multipass
go install pfish.zone/go/multipass/mp-checkpasswordYou probably want to copy the binaries to somewhere on your PATH.
Then, set up your users. They need to have their home directory executable by the user who runs mp-checkpassword. This usually means making their home directory world-executable.
Set up dovecot. For Ubuntu, I added a auth-multipass.conf.ext file with these contents:
passdb {
driver = checkpassword
args = /usr/local/bin/mp-checkpassword
}I also had to remove the limits on process virtual memory size in 10-master.conf:
default_vsz_limit = 0Now your users can run multipass add to generate a new password.