[Dovecot] Password field limitations
Hi,
I've searched the WIKI for this information but seem unable to find anything about it.
What limitations are imposed on the password for IMAP/POP3 users? I've had a customer saying they can't use passwords which contain "." or ":", and some seem to have problems when the password is 8 characters.
I use PLAIN authentication, passwords are stored in a MySQL database.
Thanks a lot
Tom Sommer
On 12/23/2008, Tom Sommer (mail@tomsommer.dk) wrote:
What limitations are imposed on the password for IMAP/POP3 users? I've had a customer saying they can't use passwords which contain "." or ":", and some seem to have problems when the password is 8 characters.
If I'm not mistaken, dovecot doesn't care - this will be a limitation of your Filesystem and/or password storage tool... in this case, MySQL...
--
Best regards,
Charles
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Charles Marcus said the following on 23/12/08 18:06:
What limitations are imposed on the password for IMAP/POP3 users? I've had a customer saying they can't use passwords which contain "." or ":", and some seem to have problems when the password is 8 characters.
If I'm not mistaken, dovecot doesn't care - this will be a limitation of your Filesystem and/or password storage tool... in this case, MySQL...
I Use MySQL and I don't have such kind of limitations.
I would blame Tom's MySQL interface or implementation, but not MySQL itself.
Ciao, luigi
/ +--[Luigi Rosa]-- \
Scotty! Hurry, beam me uraghh^*Ôé~~~ NO CARRIER -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAklRHwIACgkQ3kWu7Tfl6ZQ6RQCgrkcOKPXzoWajareucPlEBUS2 1m8AnjxOAl6Xx3h1dBAc90qoyx0wZwaq =xYaj -----END PGP SIGNATURE-----
On 12/23/2008 12:25 PM, Luigi Rosa wrote:
If I'm not mistaken, dovecot doesn't care - this will be a limitation of your Filesystem and/or password storage tool... in this case, MySQL...
I Use MySQL and I don't have such kind of limitations.
I would blame Tom's MySQL interface or implementation, but not MySQL itself.
I certainly didn't intend to mean it was a Mysql limitation in general - I'm using it too for my user/password backend, and have all of these characters available in passwords:
`~!@#$%^&*()_-+={}|[]:;<>?,.
More than likely it is a system library or charset issue, or something like that...
--
Best regards,
Charles
Charles Marcus a écrit :
On 12/23/2008 12:25 PM, Luigi Rosa wrote:
If I'm not mistaken, dovecot doesn't care - this will be a limitation of your Filesystem and/or password storage tool... in this case, MySQL...
I Use MySQL and I don't have such kind of limitations.
I would blame Tom's MySQL interface or implementation, but not MySQL itself.
I certainly didn't intend to mean it was a Mysql limitation in general - I'm using it too for my user/password backend, and have all of these characters available in passwords:
`~!@#$%^&*()_-+={}|[]:;<>?,.
More than likely it is a system library or charset issue, or something like that...
that would be really surprising. I am most inclined to think that the password change is done via a (buggy) web interface or a buggy script. or maybe it is a PEBCAK?
so Tom needs to
reproduce the problem (to confirm the customer claim or to detect the PEBCAK)
describe how exactly the password is changed (what programs are involved)
describe what OS and software is being used.
mouss wrote:
Charles Marcus a écrit :
On 12/23/2008 12:25 PM, Luigi Rosa wrote:
If I'm not mistaken, dovecot doesn't care - this will be a limitation of your Filesystem and/or password storage tool... in this case, MySQL...
I Use MySQL and I don't have such kind of limitations.
I would blame Tom's MySQL interface or implementation, but not MySQL itself.
I certainly didn't intend to mean it was a Mysql limitation in general - I'm using it too for my user/password backend, and have all of these characters available in passwords:
`~!@#$%^&*()_-+={}|[]:;<>?,.
More than likely it is a system library or charset issue, or something like that...
that would be really surprising. I am most inclined to think that the password change is done via a (buggy) web interface or a buggy script. or maybe it is a PEBCAK?
I did some tests and it appears the limitations presented by the customer in regards to invalid characters, are indeed not reproducible.
I'll see if I can find a reproducible case with the 8 char length password, because I have indeed seen this before myself, but it might be related to the hashing algorithm used (The guy who originally made the interface decided it was smart to hash all passwords using OLD_PASSWORD() in MySQL, so I'm stuck with that for now).
Sorry for the noise.
PS. My interface is fine though, thank you.
Tom
participants (4)
-
Charles Marcus
-
Luigi Rosa
-
mouss
-
Tom Sommer