[Dovecot] Problem with passwords surrounded by curly braces

Frank Kintrup frank.kintrup at fkware.com
Tue Jan 8 00:59:26 EET 2008


Hello,

one of my users set his password to something surrounded by curly braces,
and promptly all access to his mailbox was refused. After looking through
the logs I found an entry "Unknown password scheme xxxx", where "xxxx"
is the user's password, but without the curly braces.
I then browsed through the documentation and there was explained that it
is possible to prefix the password with the password scheme in curly
braces, like "{PLAIN}xxxx" where xxxx is the password itself.

Manually altering the users password in the database to "{PLAIN}xxxx"
(where "xxxx" is the user's password WITH curly braces) fixed this problem
for me at this time, but the time a user chooses such a strange password
I would have to edit the table again. So in my opinion the {SCHEME}-prefix
is not a useful thing. Why would anyone need it, anyway? Shouldn't all
passwords have the same scheme which is set in the dovecot.conf file once?

If the feature is indeed used: with a database lookup it should be
replaced by an optional database field or, if that's not possible, it
should be possible to disable this feature from the config file.


Frank



More information about the dovecot mailing list