Shadow

Works at least with Linux and Solaris, but nowadays PAM is usually preferred to this.

This uses auth-worker processes:

passdb {
  driver = shadow
}

By default the auth-worker processes are run as dovecot user though, which normally doesn’t have access to /etc/shadow. If this is a problem, you can fix it with:

service auth-worker {
  # This should be enough:
  group = shadow
  # If not, just give full root permissions:
  #user = root
}

If there are only a few users and you’re using /etc/shadow file, there’s really no need to use auth-workers. You can disable them with:

passdb {
  driver = shadow
  args = blocking=no
}