[Dovecot] Password authentication and character set
fredrik.gronqvist at gmail.com
Wed Nov 19 08:44:21 EET 2008
19.11.2008 01:34, Geert Hendrickx wrote:
> On Tue, Nov 18, 2008 at 10:00:00PM +0200, Fredrik Grönqvist wrote:
>> Yes, I see. So in light of this and the conversation on the imap-protocol
>> our current options seem to boil down to having the passwords ISO-8859-1
>> encoded (given the demographics of our users).
>> Those using operating systems with native UTF-8 clients have to use
>> passwords containing only 7-bit characters.
> Actually I would do it the other way around. You can't really explain to
> your UTF-8 using users "you should use that older client instead of this
> newer one to make your login work". And some day you'll have to switch to
> UTF-8 anyway.
Yes, I agree that it should be in UTF-8. My specific problem is that
about 80% (a rough estimate) of our users are on either Windows or
webmail. Those having passwords containing umlauts etc can log on, using
their current client, if the passwords are kept ISO-8859-1 encoded
instead of UTF-8.
>> I didn't realise the specifications were so flexible on this password
> s/flexible/vague/ :-)
> The consensus on the imap-protocol list, and particularly the message you
> refer to, seems to be "we should replace ASCII with UTF-8 in the spec".
It does seem that way, and while I think it will be increasingly
important in the future, I also got the feeling that this change will
take a long time to filter down to the implementations (as both servers
and clients need to change).
As Timo pointed out, the options to "fix" this on the server side are
currently quite limited, so it seems I have to stick to the lowest
common denominator in our password policy.
More information about the dovecot