18.11.2008 19:03, Timo Sirainen wrote:
On Tue, 2008-11-18 at 17:26 +0100, Geert Hendrickx wrote:
On Tue, Nov 18, 2008 at 05:51:05PM +0200, Timo Sirainen wrote:
On Nov 18, 2008, at 5:32 PM, Fredrik Grönqvist wrote:
Is there a setting that "forces" the authentication daemon to
convert the provided password to a specific charset before the
comparison takes place, or how should one handle this?
Dovecot doesn't know the character set that the client is using, so it
can't do charset conversion reliably. So the possibilities would be:
It seems like this is a limitation in the IMAP protocol. From RFC 3501:
I remember reading something about using UTF-8 and stringprep in
authentication strings, probably some SASL spec or something. Dovecot
should implement it some day.. But that won't help in any way if the
client doesn't send the password as UTF-8.
Ok, I see how this makes things problematic. One couldn't just encode it
to UTF-8 anyway and do the comparison after that (provided there would
be an option enabled)?
So basically a password containing any non 7-bit ASCII is only "correct"
when provided by a client using the same charset as the password is
stored in...
If the RFC states that the password should be provided as 7-bit ASCII
then I think I'll google for a reason why some clients send the password
as something else.
Chears, Fredrik
--
------------------------------------------------------------------------
Fredrik Grönqvist
------------------------------------------------------------------------
