Timo Sirainen wrote:
On Fri, 2008-05-16 at 00:48 -0700, David Jonas wrote:
Recently we changed Postfix to use Dovecot for our SASL authentication
and we ran into trouble with some of our clients having extraneous
spaces at the end of their usernames. The quick fix was to add a space
to username_chars. The slightly longer fix was a pretty simple patch to
Dovecot. I put the trimming in auth_request_fix_username. I didn't think
it warranted a full strfuncs function.
If there is a better way to do this I'm all ears. I don't really like
patching with my own code, even if I did essentially steal if from the
kernel's strstrip().
How about this: http://hg.dovecot.org/dovecot-1.1/rev/15ddb7513e2d
Then you can use auth_username_format = %Tu
I spoke too soon. Dovecot still complains about the invalid character.
While testing I had forgotten to update to remove <space> from
username_chars. I should have known really, since the invalid chars
check is done before var_expand() in auth_request_fix_username().
Any other ideas? Adding <space> to the username_chars list doesn't seem
like a security threat, but honestly I don't know much about that.
David
### From the log:
dovecot: auth(default): client in: AUTH 1 LOGIN service=smtp
resp=ZGpvbmFzQHZpdGFsd2Vya3MuY29tIA==
dovecot: auth(default): auth(?): Invalid username: [EMAIL PROTECTED]
dovecot: auth(default): login(?): Username contains disallowed
character: 0x20
dovecot: auth(default): client out: FAIL 1
# dovecot -n
# 1.1.rc5: /usr/local/dovecot-1.1/etc/dovecot-auth.conf
...
disable_plaintext_auth: no
...
auth default:
mechanisms: login plain cram-md5
...
username_chars:
[EMAIL PROTECTED]
username_translation: %@
username_format: %LTu
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: sql
args: /usr/local/dovecot-1.1/etc/dovecot-sql.conf
userdb:
driver: prefetch
socket:
type: listen
client:
path: /var/spool/postfix-smtp-auth/private/auth
mode: 432
user: postfix
group: postfix
