On Wed, Nov 19, 2008 at 08:44:21AM +0200, Fredrik Grönqvist wrote:
Yes, I agree that it should be in UTF-8. My specific problem is that about 80% (a rough estimate) of our users are on either Windows or webmail. Those having passwords containing umlauts etc can log on, using their current client, if the passwords are kept ISO-8859-1 encoded instead of UTF-8.
As Timo pointed out, the options to "fix" this on the server side are currently quite limited, so it seems I have to stick to the lowest common denominator in our password policy.
If you only have to support two or three different charsets, I think you could use a clever MySQL passdb query to match either of them.
Have a look at http://wiki.dovecot.org/AuthDatabase/SQL under "Password verification by SQL server", and expand the password match to something like (passwd = PASSWORD('%w') OR passwd = PASSWORD(CONVERT(_latin1'%w' USING utf8))) assuming you store the passwords as UTF-8 and assume the input is either UTF-8 or ISO-8859-1.
Geert