[Dovecot] authentification failure: double quotes in password

Martin Ott martin.ott at itk-engineering.de
Mon Jun 7 11:59:26 EEST 2010


Am 25.05.2010 19:28, schrieb Timo Sirainen:
> On Mon, 2010-05-10 at 18:53 +0200, Martin Ott wrote:
>> auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials 
>> (given password: xxxxx"xxxxxxx)
> 
> So I guess that's with auth binding?

yes, that is with auth binding

> 
>> Which chars in passwords does the dovecot auth process not like?
>> Is there something similar to auth_username_chars for passwords?
> 
> No. All chars are valid. Perhaps this is OpenLDAP/AD bug? The code to do
> auth binding looks like:
> 
> 	request->msgid = ldap_bind(conn->ld, brequest->dn,
> 				   request->auth_request->mech_password,
> 				   LDAP_AUTH_SIMPLE);
> 
> There's no escaping for the password. I don't see how it could be
> Dovecot's fault.

we've forbidden double quotes in our password policy now

thanks for your efforts!
Martin


More information about the dovecot mailing list