Hello Daniel,
Daniel Parthey wrote:
Probably you are interested in reading the discussion from 2008: http://www.dovecot.org/list/dovecot/2008-November/035263.html
I think, a simple and robust solution would be to limit the allowed characters for user passwords in your password management system to 7-bit ASCII characters (only) and reset passwords of all users having any login problems.
Thanks for the link! I think I understood the major problem. But there is one point I couldn’t find out: From the dovecot auth-log I traced a password (Täst1234) with Umlaut:
D-AS01:/var/log # grep st1234\) mail | cut -c 127-134 | hexdump -C 00000000 54 e4 73 74 31 32 33 34 0a |T.st1234.| 00000009
As you can see this is ISO-8859-1: e4 --> ä But the first incoming String from the client was UTF-8 encoded!?
[Tue Aug 07 10:56:37 2012] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-TRANSIENT): _pass=T%C3%A4st1234
Anyway... I guess I have to force our users to 7-bit Characters :-(
Greetings, Helge
Helge Wiethoff Medienzentrum Telefon: +49 (234) 968 8717 Fax: +49 (234) 968 3453 E-Mail: Wiethoff@tfh-bochum.de
Technische Fachhochschule Georg Agricola für Rohstoff, Energie und Umwelt zu Bochum Staatlich anerkannte Fachhochschule der DMT-Gesellschaft für Lehre und Bildung mbH Herner Straße 45 44787 Bochum http://www.tfh-bochum.de
Träger: DMT-Gesellschaft für Lehre und Bildung mbH Sitz der Gesellschaft: Bochum Registergericht: Amtsgericht Bochum Handelsregister: B 4052
Geschäftsführung: Prof. Dr. Jürgen Kretschmann (Vorsitzender) Manfred Freitag