[Dovecot] Trim trailing whitespace from username
Cassidy Larson
alandaluz at gmail.com
Thu May 29 01:46:37 EEST 2008
If you're using MySQL for your database driver you can easily use the TRIM()
function in your query to strip off leading and ending whitespace
characters. I do that and a "LCASE()" to
force<http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_trim>the
usernames to lowercase in the query.
I spoke too soon. Dovecot still complains about the invalid character. While
> testing I had forgotten to update to remove <space> from username_chars. I
> should have known really, since the invalid chars check is done before
> var_expand() in auth_request_fix_username().
>
> Any other ideas? Adding <space> to the username_chars list doesn't seem
> like a security threat, but honestly I don't know much about that.
>
> David
>
> ### From the log:
>
> dovecot: auth(default): client in: AUTH 1 LOGIN service=smtp
> resp=ZGpvbmFzQHZpdGFsd2Vya3MuY29tIA==
> dovecot: auth(default): auth(?): Invalid username: djonas at vitalwerks.com
> dovecot: auth(default): login(?): Username contains disallowed character:
> 0x20
> dovecot: auth(default): client out: FAIL 1
>
> # dovecot -n
> # 1.1.rc5: /usr/local/dovecot-1.1/etc/dovecot-auth.conf
> ...
> disable_plaintext_auth: no
> ...
> auth default:
> mechanisms: login plain cram-md5
> ...
> username_chars:
> abcdefghijklmnopqrstuvwxyzDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_ at ABC
> username_translation: %@
> username_format: %LTu
> verbose: yes
> debug: yes
> debug_passwords: yes
> passdb:
> driver: sql
> args: /usr/local/dovecot-1.1/etc/dovecot-sql.conf
> userdb:
> driver: prefetch
> socket:
> type: listen
> client:
> path: /var/spool/postfix-smtp-auth/private/auth
> mode: 432
> user: postfix
> group: postfix
>
>
More information about the dovecot
mailing list