PHPackages dweuthen/application\_passwords - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. dweuthen/application\_passwords AbandonedArchivedRoundcube-plugin dweuthen/application\_passwords =============================== Roundcube plugin to manage application-specific passsords. 7154[1 issues](https://github.com/dweuthen/roundcube-application_passwords/issues)PHP Since Sep 14Pushed 1y ago1 watchersCompare [ Source](https://github.com/dweuthen/roundcube-application_passwords)[ Packagist](https://packagist.org/packages/dweuthen/application_passwords)[ RSS](/packages/dweuthen-application-passwords/feed)WikiDiscussions master Synced 1w ago READMEChangelogDependenciesVersions (1)Used By (0) Warning As I no longer use Roundcube, I have decided to finally archive this repository. Application Passwords Plugin for Roundcube ========================================== [](#application-passwords-plugin-for-roundcube) This RoundCube plugin adds support for managing application-specific passwords to Roundcube's settings task. Currently only SQL-based stores for application-specific passwords are supported. Application-specific passwords allow users to create a unique password for each application interacting with the email server. Additionally the usage of regular user passwords may be completely disabled for email protocols such as SMTP, IMAP or POP3 to lower the risk of stealing username and password combination by eavesdropping in insecure networks. License ------- [](#license) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Installation ------------ [](#installation) - Clone from github: HOME\_RC/plugins$ git clone [https://github.com/dweuthen/roundcube-application\_passwords.git](https://github.com/dweuthen/roundcube-application_passwords.git) application\_passwords - Activate the plugin into HOME\_RC/config/main.inc.php: $rcmail\_config\['plugins'\] = array('application\_passwords'); Configuration ------------- [](#configuration) Copy config.inc.php.dist to config.inc.php and set the options as described within the file. The SQL queries in config.php.dist work with belows example setup. Example Setup ------------- [](#example-setup) This plugin has been developed on a Debian-based Exim/Dovecot email server where domains and users are managed in MySQL. Dovecot expects that user and password database lookups only return a single result set. Therefore salted password hashes cannot be used for application- specific passwords, as multiple password hashes would be returned (one for each application). As an alternative, a strong hash function such as SHA512 can be used to store the application-specific passwords. The used hash function must be supported by the SQL server as the database server has to apply it to the submitted plain text password in the where-clause. In theory other methods of storing encrypting passwords are supported but have not been tested. The database tables used in this example setup have been created with the following SQL statements: > CREATE TABLE `users` ( `username` varchar(128) NOT NULL, `domain` varchar(128) NOT NULL, `password` varchar(255) DEFAULT NULL, `uid` smallint(5) unsigned DEFAULT NULL, `gid` smallint(5) unsigned DEFAULT NULL, `home` varchar(255) DEFAULT NULL, `mail` varchar(255) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 > CREATE TABLE `applications` ( `username` varchar(128) NOT NULL, `domain` varchar(128) NOT NULL, `application` varchar(128) NOT NULL, `password` varchar(255) DEFAULT NULL, `created` timestamp NOT NULL DEFAULT CURRENT\_TIMESTAMP ) ENGINE=InnoDB DEFAULT CHARSET=latin1 In order to authenticate applications in Dovecot the following "password\_query" is used: > SELECT username, domain, NULL AS password, 'Y' as nopassword FROM applications WHERE username = '%n' AND domain = '%d' AND password = SHA2('%w',"512") The "user\_query" is still set to query the user table: > SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d' Notes ----- [](#notes) Tested with RoundCube 1.0.1 on Debian Wheezy (PHP 5.4.4, MySQL 5.5.37) Parts of the code was taken from Aleksander Machniak's Password Plugin for Roundcube and the author was inspired by Google's implementation of application-specific passwords. Author ------ [](#author) Daniel Weuthen ### Health Score 17 — LowBetter than 6% of packages Maintenance26 Infrequent updates — may be unmaintained Popularity13 Limited adoption so far Community9 Small or concentrated contributor base Maturity17 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/3c15bad1d794c293ad7389d7e804826624ca8815297597398252e68da3f7f0ea?d=identicon)[dweuthen](/maintainers/dweuthen) --- Top Contributors [![dweuthen](https://avatars.githubusercontent.com/u/5158619?v=4)](https://github.com/dweuthen "dweuthen (8 commits)") ### Embed Badge ![Health badge](/badges/dweuthen-application-passwords/health.svg) ``` [![Health](https://phpackages.com/badges/dweuthen-application-passwords/health.svg)](https://phpackages.com/packages/dweuthen-application-passwords) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)