Password expiration: how to trigger it?
Dear Dovecot Team,
I'm in the (long) process of migrating my whole email infrastructure. Of course, Dovecot is in place, and is working just fine.
Still, I have an issue: password expiration.
I'm now using a FreeIPA backend for the user authentication, and it includes the capacity to expire passwords. Basically, it's an LDAP with fancy things, among them a field named krbPasswordExpiration (yes, that's Kerberos).
In order to make things simple, I'd rather NOT force my users to set up a kerberos/gssapi/whatever on their personal computer (most of them will just have a blank gaze if I start talking about that).
Is there a way to make Dovecot use that field? It's apparently a simple date in %Y%M%D%H%m%sZ format, so a pretty neat thing to test. If there's some support for that in Dovecot, that is.
If not, as a last resort, I can configure FreeIPA to deactivate the user if the password is expired, and this should push another field in the user description. Would that be a possibility for Dovecot, in case it can't use the datetime field as is?
Thank you for your support!
Cheers,
C.
On 2018-12-21 05:56, Cédric Jeanneret wrote:
> Dear Dovecot Team,
> I'm in the (long) process of migrating my whole email infrastructure. Of course, dovecot is in the place, and is working just fine.
> Still, I have an issue: password expiration.
> I'm now using FreeIPA backend for the user authentication, and it includes the capacity to expire passwords. Basically, it's an LDAP with fancy things, among them a field named krbPasswordExpiration (yes, that's kerberos).
> In order to make things simple, I'd rather NOT force my users to set up a kerberos/gssapi/whatever on their personal computer (most of them will just have blank gaze if I start talking about that).
> Is there a way to make Dovecot use that field? It's apparently a simple date in %Y%M%D%H%m%sZ format, so a pretty neat thing to test. If there's some support for that in Dovecot, that is.
One option would be the post login script, see: https://wiki.dovecot.org/PostLoginScripting
Can also hook a password expiry check in dovecot-lda to send periodic reminders, although that's a bit unorthodox.
-- Adi Pircalabu
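
The post-login approach suggested in the reply, as an added example (not code from either poster or from the Dovecot project). It assumes the LDAP userdb maps krbPasswordExpiration to a userdb field named pw_expiry, which Dovecot exports to the script in uppercase as $PW_EXPIRY; that field name and the pw_state helper are hypothetical.

```shell
#!/bin/sh
# Added example: post-login check for an expired FreeIPA password.
# Assumption: the LDAP userdb maps krbPasswordExpiration to a userdb field
# named pw_expiry, so the script receives it as $PW_EXPIRY (hypothetical name).

# pw_state EXPIRY [NOW]
# Prints one of: none | valid | expired | malformed
# EXPIRY is the fixed-width UTC form YYYYMMDDHHMMSSZ; NOW is the same without
# the trailing Z and defaults to the current UTC time.
pw_state() {
    expiry=$1
    now=${2:-$(date -u +%Y%m%d%H%M%S)}
    if [ -z "$expiry" ]; then
        echo none            # no expiry attribute set for this account
        return 0
    fi
    stamp=${expiry%Z}
    case $stamp in
        *[!0-9]*) echo malformed; return 0 ;;
    esac
    if [ "$stamp" = "$expiry" ] || [ "${#stamp}" -ne 14 ]; then
        echo malformed       # missing Z, wrong length, empty value
        return 0
    fi
    # Both values are 14-digit UTC timestamps, so numeric order is time order.
    if [ "$stamp" -le "$now" ]; then
        echo expired
    else
        echo valid
    fi
}

main() {
    case $(pw_state "${PW_EXPIRY:-}") in
        expired|malformed)
            # Fail closed: end the session instead of starting the mail process.
            echo "post-login: refusing session for ${USER:-?}, password expiry check failed" >&2
            exit 1
            ;;
    esac
    exec "$@"                # hand over to the imap/pop3 binary Dovecot passed in
}

# Dovecot always invokes the script with the mail process as arguments.
[ "$#" -eq 0 ] || main "$@"
```

A post-login script runs after authentication has already succeeded, so this ends the mail session rather than rejecting the password; other services that authenticate against Dovecot are not covered by it.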