[Dovecot] SSHA512 auth not working
I'm trying to configure SSHA512 passwords and when testing discovered that they were not working as expected. At first I was using CentOS 6.4, which doesn't have the glibc CRYPT newest functions ($6$salt$pass), so had to roll back to the Dovecot format ({SSHA512.HEX}saltedpassword+salt) but I'm unable to let Dovecot authenticate properly.
Some logs and details:
Apr 16 02:55:37 auth: Debug: client in: AUTH 1 PLAIN
service=imap lip=xxx rip=xxx lport=143 rport=58171
resp=AGRpbm9AYWJjLml0AGRpbm8=
Apr 16 02:55:37 auth: Debug: sql(dino@abc.it,xxxx): query: SELECT
'{SSHA512.HEX}' || password as password FROM mailboxes WHERE
fullusername='dino@abc.it'
Apr 16 02:55:37 auth: Info: sql(dino@abc.it,xxxx): Password mismatch
(given password: dino)
Apr 16 02:55:37 auth: Error: md5_verify(dino@abc.it): Not a valid
MD5-CRYPT or PLAIN-MD5 password
Apr 16 02:55:37 auth: Warning: Invalid OTP data in passdb
Apr 16 02:55:37 auth: Warning: Invalid OTP data in passdb
Apr 16 02:55:37 auth: Debug: sql(dino@abc.it,xxxx): SSHA512.HEX(dino) !=
'd449914d83c85a786bcde7114b3dfdb24a651c27956388ac641d46eaf40c86e7c95ce2534348730475c8893eab314af189b3a46bf6d76b82cfba119e920813a531e985acd35c47ca8d3cafe50b595b66'
Apr 16 02:55:39 auth: Debug: client out: FAIL 1 user=dino@abc.it
Full password as taken from database: {SSHA512.HEX}d449914d83c85a786bcde7114b3dfdb24a651c27956388ac641d46eaf40c86e7c95ce2534348730475c8893eab314af189b3a46bf6d76b82cfba119e920813a531e985acd35c47ca8d3cafe50b595b66
The first 128 chars are the salted password, remaining 32 the salt (hex uuid representation)
I've checked twice that the generated passwords are correct; in fact, if you salt the password (dino) you get the exact 128 chars as in the stored password, but Dovecot compares the full password with the salt (160 chars). Is this correct?
Any ideas?
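For reference, an added sketch (not part of the original thread and not Dovecot's own code) of how a {SSHA512.HEX} value is checked: the stored hex decodes to a 64-byte SHA-512 digest followed by the salt, and the digest must equal SHA512(password + decoded salt bytes), so all 160 hex characters belong to the stored value. The `diagnose` helper and its list of alternative salting conventions are assumptions for troubleshooting a generator, and the salt is constructed sample data.

```python
import hashlib
import hmac

PREFIX = "{SSHA512.HEX}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes = 128 hex characters

# Constructed sample salt (16 bytes, e.g. the raw bytes of a UUID).
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def make_ssha512_hex(password: str, salt: bytes) -> str:
    """Build a stored value: hex(SHA512(password + salt) + salt)."""
    digest = hashlib.sha512(password.encode() + salt).digest()
    return PREFIX + (digest + salt).hex()


def split_stored(stored: str):
    """Return (digest, salt) as raw bytes, or None if the value is malformed."""
    if not stored.startswith(PREFIX):
        return None
    try:
        raw = bytes.fromhex(stored[len(PREFIX):])
    except ValueError:
        return None
    if len(raw) < DIGEST_LEN:
        return None  # too short to contain a SHA-512 digest
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_ssha512_hex(password: str, stored: str) -> bool:
    """Check a password the way the salted scheme defines it."""
    parts = split_stored(stored)
    if parts is None:
        return False
    digest, salt = parts
    expected = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def diagnose(password: str, stored: str) -> str:
    """Name which salting convention (hypothetical list) produced the digest."""
    parts = split_stored(stored)
    if parts is None:
        return "malformed"
    digest, salt = parts
    pw, salt_text = password.encode(), salt.hex().encode()
    candidates = {
        "password+raw_salt": pw + salt,        # what the scheme expects
        "raw_salt+password": salt + pw,        # salt prepended
        "password+hex_salt_text": pw + salt_text,  # salt hashed as ASCII hex
        "hex_salt_text+password": salt_text + pw,
    }
    for name, data in candidates.items():
        if hmac.compare_digest(hashlib.sha512(data).digest(), digest):
            return name
    return "no match"
```

Running `diagnose` with a known password against a value from the database shows whether the generator hashed the salt as raw bytes or as its hex text, or put it on the wrong side of the password.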
On Tue, 2013-04-16 at 03:54 +0200, Marcin Czupryniak wrote:
I'm trying to configure SSHA512 passwords and when testing discovered that they were not working as expected. At first I was using CentOS 6.4, which doesn't have the glibc CRYPT newest functions ($6$salt$pass), so had to roll back to the Dovecot format ({SSHA512.HEX}saltedpassword+salt) but I'm unable to let Dovecot authenticate properly.
I have one CentOS server (5.9) and only one, so can't test any others (they are all Slackware) but...
crypt($pass, '$6$' . $salt)
"dino", results in:
$6$n.vM3bqg3C6LPtJv$keF2z/6VXv99NKf92Abbz/sPLBcWHV2hBXOkDf41OKLqe9p7V39xcFc92K1S4WvWQ3rK0konAw.pV.YEQspuM.
So if 6.4 does not work, you are missing something.
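try this

#!/path/to/perl
# Hash $pass with SHA-512 crypt ($6$) using a random 16-character salt.
$pass = "dino";
# Characters allowed in a crypt salt.
@pschars = ("A" .. "Z", "a" .. "z", 0 .. 9, ".", "/");
$salt = join '', @pschars[map {rand @pschars} (1..16)];
$sha512p = crypt($pass, '$6$' . $salt);
print "\n $sha512p \n";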
participants (2): Marcin Czupryniak, Noel Butler