[Dovecot] Password authentication and character set

Timo Sirainen tss at iki.fi
Tue Nov 18 19:03:04 EET 2008


On Tue, 2008-11-18 at 17:26 +0100, Geert Hendrickx wrote:
> On Tue, Nov 18, 2008 at 05:51:05PM +0200, Timo Sirainen wrote:
> > On Nov 18, 2008, at 5:32 PM, Fredrik Grönqvist wrote:
> > 
> > >Is there a setting that "forces" the authentication daemon to  
> > >convert the provided password to a specific charset before the  
> > >comparison takes place, or how should one handle this?
> > 
> > Dovecot doesn't know the character set that the client is using, so it  
> > can't do charset conversion reliably. So the possibilities would be:
> 
> It seems like this is a limitation in the IMAP protocol.  From RFC 3501:

I remember reading something about using UTF-8 and stringprep in
authentication strings, probably some SASL spec or something. Dovecot
should implement it some day.. But that won't help in any way if the
client doesn't send the password as UTF-8.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081118/afcc32f2/attachment-0001.bin 


More information about the dovecot mailing list