[Dovecot] Trim trailing whitespace from username

Cassidy Larson alandaluz at gmail.com
Thu May 29 01:46:37 EEST 2008


If you're using MySQL for your database driver you can easily use the TRIM()
function in your query to strip off leading and ending whitespace
characters. I do that and a "LCASE()" to
force<http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_trim>the
usernames to lowercase in the query.

I spoke too soon. Dovecot still complains about the invalid character. While
> testing I had forgotten to update to remove <space> from username_chars. I
> should have known really, since the invalid chars check is done before
> var_expand() in auth_request_fix_username().
>
> Any other ideas? Adding <space> to the username_chars list doesn't seem
> like a security threat, but honestly I don't know much about that.
>
> David
>
> ### From the log:
>
> dovecot: auth(default): client in: AUTH 1       LOGIN   service=smtp
> resp=ZGpvbmFzQHZpdGFsd2Vya3MuY29tIA==
> dovecot: auth(default): auth(?): Invalid username: djonas at vitalwerks.com
> dovecot: auth(default): login(?): Username contains disallowed character:
> 0x20
> dovecot: auth(default): client out: FAIL        1
>
> # dovecot -n
> # 1.1.rc5: /usr/local/dovecot-1.1/etc/dovecot-auth.conf
> ...
> disable_plaintext_auth: no
> ...
> auth default:
>  mechanisms: login plain cram-md5
> ...
>  username_chars:
> abcdefghijklmnopqrstuvwxyzDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_ at ABC
>  username_translation: %@
>  username_format: %LTu
>  verbose: yes
>  debug: yes
>  debug_passwords: yes
>  passdb:
>    driver: sql
>    args: /usr/local/dovecot-1.1/etc/dovecot-sql.conf
>  userdb:
>    driver: prefetch
>  socket:
>    type: listen
>    client:
>      path: /var/spool/postfix-smtp-auth/private/auth
>      mode: 432
>      user: postfix
>      group: postfix
>
>


More information about the dovecot mailing list