Alexander Dalloz
2021-Nov-07 13:45 UTC
How to enable LDAP authentication for schema SSHA384
Am 07.11.2021 um 14:35 schrieb Ralph Seichter:> While using LDAP-based authentication, I have come across the message > > auth: Error: [...] Unknown scheme SSHA384 > > Based on the docs at [1] I use the dovecot.org packages provided for > Ubuntu 20.04 LTS which, as you can see, are not yet documented in the > HTML page, put are available via [2]. Specifically, I used > > apt-get install dovecot-ldap dovecot-sqlite > > to install Dovecot. What else is needed beyond the two listed packages > in order to enable support for SSHA384 password hashes in Dovecot? Am I > perhaps missing some required configuration parameter? Your help is > appreciated. > > -Ralph > > [1] https://doc.dovecot.org/installation_guide/dovecot_community_repositories/ubuntu_packages/ > [2] http://repo.dovecot.org/ce-2.3-latest/ubuntu/focal/Don't know about Ubuntu specifics, but https://doc.dovecot.org/configuration_manual/authentication/password_schemes/#sha-based-schemes-also-see-below-for-libc-s-sha-support and https://www.openldap.org/faq/data/cache/1467.html might help. Alexander
* Alexander Dalloz:> Don't know about Ubuntu specifics [...]Thank you for the pointers. Am I right to interpret the Dovecot docs as stating that SSHA384 is not supported by the official packages, and that my only recourse might be building from the source code and adding some external code in the process? I do not remember encountering SSHA384 before, but the existing LDAP records use this schema for about half of a huge user base. Telling all affected users to change their passwords is not an option. -Ralph