> On 15/11/2022 14:55 EET Aki Tuomi <aki.tu...@open-xchange.com> wrote:
>
> > On 15/11/2022 14:45 EET Krisztián Szegi <oni-d...@mszk.eu> wrote:
> >
> > Good day to all,
> >
> > this is my first post to the mailing list!
> >
> > I'd like to report that non-binding auth to (Open)LDAP doesn't work if the
> > latter hashes passwords with ARGON2.
> >
> > Although dovecot (I am using 2.3.19.1) does support ARGON2 with
> > libsodium, it doesn't recognize hashes beginning "{ARGON2}$argon2id$"
> > stored (and hashed, using ppolicy module's hashCleartext) by OpenLDAP.
> >
> > Now, I understand that ARGON2I, -D, and -ID are not compatible, but the
> > ACTUAL algorithm is there between the two $.
> > Furthermore, I think dovecot is in the minority here, I haven't met any
> > software that specifies the ARGON2 subtype between {}.
> > BTW, I haven't met any software that hashes passwords with ARGON2, but not
> > with the ARGON2ID subtype (where libsodium is available, which also seems
> > to be the standard here), as THAT is the recommended one anyway.
> >
> > I patched the rpm in OpenSUSE repo to alias {ARGON2} to {ARGON2ID}:
> > https://build.opensuse.org/package/view_file/home:Samonitari:branches:openSUSE:Factory/dovecot23/dovecot-2.3.0-alias_ARGON2_to_ARGON2ID.patch
> >
> > Could we get something like this (but maybe more correct) into the official
> > source?
> > Maybe a config switch to alias it at runtime?
> >
> > Thanks for the attention:
> > Krisztián
>
> Hi!
>
> Thanks for your report. I think it makes sense, we'll see what we can do
> about this.
>
> Aki

This has been fixed in https://github.com/dovecot/core/commit/6e3239d8fbe33f96352d24a563a0c7595d29dca9

Regards,
Aki Tuomi
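The mismatch discussed in this thread, as an added example that is not Dovecot's code and not the content of the linked commit: a generic `{ARGON2}` label is resolved from the algorithm id between the first two `$`, and a specific label is accepted only when it agrees with that id. The function name `resolve_argon2_scheme` and the sample value are assumptions made for illustration; the scheme labels follow the naming used in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Dovecot's API): given a stored value such as
 * "{ARGON2}$argon2id$v=19$...", return the scheme label that names the
 * actual variant, or NULL if the value is malformed or the label
 * contradicts the algorithm id between the first two '$'. */
const char *resolve_argon2_scheme(const char *stored)
{
    static const struct { const char *id, *scheme; } variants[] = {
        { "argon2id", "ARGON2ID" },
        { "argon2i",  "ARGON2I"  },
        { "argon2d",  "ARGON2D"  },
    };
    const char *close, *id, *id_end;
    size_t label_len, id_len, i;

    if (stored == NULL || stored[0] != '{')
        return NULL;
    if ((close = strchr(stored, '}')) == NULL || close[1] != '$')
        return NULL;
    id = close + 2;
    if ((id_end = strchr(id, '$')) == NULL)
        return NULL;
    label_len = (size_t)(close - stored) - 1;
    id_len = (size_t)(id_end - id);

    for (i = 0; i < sizeof(variants) / sizeof(variants[0]); i++) {
        const char *s = variants[i].scheme;
        if (strlen(variants[i].id) != id_len ||
            strncmp(id, variants[i].id, id_len) != 0)
            continue;
        /* Generic {ARGON2}: trust the id inside the hash string. */
        if (label_len == 6 && strncmp(stored + 1, "ARGON2", 6) == 0)
            return s;
        /* Specific label: accept only if it agrees with the id. */
        if (label_len == strlen(s) && strncmp(stored + 1, s, label_len) == 0)
            return s;
        return NULL;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample value, not a real credential. */
    const char *v = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$c2FsdA$aGFzaA";
    const char *r = resolve_argon2_scheme(v);
    printf("%s\n", r ? r : "(rejected)");
    return 0;
}
```

Rejecting a label that disagrees with the embedded id keeps a mislabeled entry from being verified with the wrong variant, which is the incompatibility the original report points out.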