[Dovecot] Password authentication and character set
Timo Sirainen
tss at iki.fi
Tue Nov 18 17:51:05 EET 2008
On Nov 18, 2008, at 5:32 PM, Fredrik Grönqvist wrote:
> Is there a setting that "forces" the authentication daemon to
> convert the provided password to a specific charset before the
> comparison takes place, or how should one handle this?
Dovecot doesn't know the character set that the client is using, so it
can't do charset conversion reliably. So the possibilities would be:
a) UTF-8 vs. another 8bit charset can be detected pretty well by
checking if the input string is valid UTF-8 or not. So there could be
a setting to specify the fallback charset.
b) Just brute force through all the configured charsets and test the
password against all of them.
I don't really like either solution and I don't have much interest in
coding those myself. Feel free to do it yourself though, I might even
accept patches. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081118/3f713310/attachment.bin
More information about the dovecot
mailing list