Timo Sirainen wrote:
On Fri, 2008-05-16 at 00:48 -0700, David Jonas wrote:
Recently we changed Postfix to use Dovecot for our SASL authentication and we ran into trouble with some of our clients having extraneous spaces at the end of their usernames. The quick fix was to add a space to username_chars. The slightly longer fix was a pretty simple patch to Dovecot. I put the trimming in auth_request_fix_username. I didn't think it warranted a full strfuncs function.
If there is a better way to do this I'm all ears. I don't really like patching with my own code, even if I did essentially steal if from the kernel's strstrip().
How about this: http://hg.dovecot.org/dovecot-1.1/rev/15ddb7513e2d
Then you can use auth_username_format = %Tu
I spoke too soon. Dovecot still complains about the invalid character. While testing I had forgotten to update to remove <space> from username_chars. I should have known really, since the invalid chars check is done before var_expand() in auth_request_fix_username().
Any other ideas? Adding <space> to the username_chars list doesn't seem like a security threat, but honestly I don't know much about that.
David
### From the log:
dovecot: auth(default): client in: AUTH 1 LOGIN service=smtp resp=ZGpvbmFzQHZpdGFsd2Vya3MuY29tIA== dovecot: auth(default): auth(?): Invalid username: djonas@vitalwerks.com dovecot: auth(default): login(?): Username contains disallowed character: 0x20 dovecot: auth(default): client out: FAIL 1
# dovecot -n # 1.1.rc5: /usr/local/dovecot-1.1/etc/dovecot-auth.conf ... disable_plaintext_auth: no ... auth default: mechanisms: login plain cram-md5 ... username_chars: abcdefghijklmnopqrstuvwxyzDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ABC username_translation: %@ username_format: %LTu verbose: yes debug: yes debug_passwords: yes passdb: driver: sql args: /usr/local/dovecot-1.1/etc/dovecot-sql.conf userdb: driver: prefetch socket: type: listen client: path: /var/spool/postfix-smtp-auth/private/auth mode: 432 user: postfix group: postfix