On 2021-11-07, Ralph Seichter <ralph@ml.seichter.de> wrote:
- Alexander Dalloz:
Don't know about Ubuntu specifics [...]
Thank you for the pointers. Am I right to interpret the Dovecot docs as stating that SSHA384 is not supported by the official packages, and that my only recourse might be building from the source code and adding some external code in the process?
I do not remember encountering SSHA384 before, but the existing LDAP records use this schema for about half of a huge user base. Telling all affected users to change their passwords is not an option.
Assuming that SSHA384 is supported by your LDAP server, you could perhaps use "auth_bind = yes" to have Dovecot attempt a bind with the user-supplied password, rather than having Dovecot retrieve the hashed password and validate it itself.