This is a Prosody authentication plugin which uses Dovecot as the backend.


As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts:

authentication = "dovecot"

These options are used by mod_auth_dovecot:

Name Description Default value
dovecot_auth_socket Path to the Dovecot auth socket "/var/run/dovecot/auth-login"
auth_append_host If true, sends the bare JID as authzid. false

The Dovecot user and group must have access to connect to this socket. You can create a new dedicated socket for Prosody too. Add the below to the socket listen section of /etc/dovecot/dovecot.conf, and match the socket path in Prosody's dovecot_auth_socket setting.

socket listen {
  client {
    path = /var/spool/prosody/private/auth-client
      mode = 0660
      user = prosody
      group = prosody

Make sure the socket directories exist and are owned by the Prosody user.

Note: Dovecot uses UNIX sockets by default. luasocket is compiled with UNIX socket on debian/ubuntu by default, but is not on many other platforms. If you run into this issue, you would need to either recompile luasocket with UNIX socket support, or use Dovecot 2.x's TCP socket support.

TCP socket support for Dovecot 2.x

Dovecot 2.x includes TCP socket support. These are the relevant mod_auth_dovecot options:

Name Description Default value
dovecot_auth_host Hostname to connect to. ""
dovecot_auth_port Port to connect to. (this value is required)


trunk Works
0.8 Works