[Dovecot] Password field limitations

[Tom Sommer]

mouss wrote:
> Charles Marcus a écrit :
>   
>> On 12/23/2008 12:25 PM, Luigi Rosa wrote:
>>     
>>>> If I'm not mistaken, dovecot doesn't care - this will be a limitation of
>>>> your Filesystem and/or password storage tool... in this case, MySQL...
>>>>         
>>> I Use MySQL and I don't have such kind of limitations.
>>>
>>> I would blame Tom's MySQL interface or implementation, but not MySQL itself.
>>>       
>> I certainly didn't intend to mean it was a Mysql limitation in general -
>> I'm using it too for my user/password backend, and have all of these
>> characters available in passwords:
>>
>> `~!@#$%^&*()_-+={}|[]:;<>?,.
>>
>> More than likely it is a system library or charset issue, or something
>> like that...
>>
>>     
>
> that would be really surprising. I am most inclined to think that the
> password change is done via a (buggy) web interface or a buggy script.
> or maybe it is a PEBCAK?
>   
I did some tests and it appears the limitations presented by the 
customer in regards to invalid characters, are indeed not reproducible.

I'll see if I can find a reproducible case with the 8 char length 
password, because I have indeed seen this before myself, but it might be 
related to the hashing algorithm used (The guy who originally made the 
interface decided it was smart to hash all passwords using 
OLD_PASSWORD() in MySQL, so I'm stuck with that for now).

Sorry for the noise.

PS. My interface is fine though, thank you.
--
Tom