[Dovecot] Password authentication and character set

Fredrik Grönqvist fredrik.gronqvist at gmail.com
Wed Nov 19 08:44:21 EET 2008

19.11.2008 01:34, Geert Hendrickx wrote:
> On Tue, Nov 18, 2008 at 10:00:00PM +0200, Fredrik Grönqvist wrote:
>> Yes, I see. So in light of this and the conversation on the imap-protocol
>> -list
>> http://mailman2.u.washington.edu/pipermail/imap-protocol/2008-February/000822.html 
>> our current options seem to boil down to having the passwords ISO-8859-1 
>> encoded (given the demographics of our users).
>> Those using operating systems with native UTF-8 clients have to use 
>> passwords containing only 7-bit characters.
> Actually I would do it the other way around.  You can't really explain to
> your UTF-8 using users "you should use that older client instead of this
> newer one to make your login work".  And some day you'll have to switch to
> UTF-8 anyway.
Yes, I agree that it should be in UTF-8. My specific problem is that 
about 80% (a rough estimate) of our users are on either Windows or 
webmail. Those having passwords containing umlauts etc can log on, using 
their current client, if the passwords are kept ISO-8859-1 encoded 
instead of UTF-8.

>> I didn't realise the specifications were so flexible on this password
>> issue.
> s/flexible/vague/ :-)
> The consensus on the imap-protocol list, and particularly the message you
> refer to, seems to be "we should replace ASCII with UTF-8 in the spec".
It does seem that way, and while I think it will be increasingly 
important in the future, I also got the feeling that this change will 
take a long time to filter down to the implementations (as both servers 
and clients need to change).

As Timo pointed out, the options to "fix" this on the server side are 
currently quite limited, so it seems I have to stick to the lowest 
common denominator in our password policy.

Chears, Fredrik

More information about the dovecot mailing list