zonie via Postfix-users:
> 
> 
> >  Wietse Venema via Postfix-users <postfix-users@postfix.org>:
> > 
> > ?zonie via Postfix-users:
> >> Hello,
> >> 
> >> currently it's not possible to specify a username containing a colon ?:? 
> >> inside a ?smtp_sasl_password_map?, as the colon is used to split username 
> >> and password from each other.
> >> 
> >> Is this limitation intentionally or was it just overlooked?
> > 
> > Just like the UNIX login name, the SASL login name can't contain
> > ':'. With Cyrus SASL configurations, they can be the same thing.
> 
> What do you mean by "they can be the same thing"?

They = the UNIX login name, the SASL login name

> I understand when you say this limitation counts for postfix server
> SASL configuration, as you mention the UNIX login name. In my case
> it's the mail provider who awaits the colon placed in the username
> and on postfix side it's just in the smtp client config.  Postfix
> should be no more frightened by a colon than by all other special
> characters that can be specified now. And I think the colon is not
> one of the bad ones, if there are any.

There has to be a way to separate fields. If we support a different
syntax, then that will have to implemented as an option, it cannot
be the default because that would break existing configutations.

> Would it be possible to introduce an escape char for
> use inside a SASL username to circumvent this limitation.

If we change the syntax of smtp_sasl_password_maps entries, then
that will require a new configuration parameter to indicate how the
lookup result should be parsed.

My preference would be:

smtp_sasl_password_map_result_delimiter 
    printable character or C escape (like \t for TAB)
    default = : (for backwards compatibility)
    must not be empty
    must not be multiple characters

I think that TAB would be sagfe for your case, unlikely to conflict
with anything in a username or password.

Less preferred, because most of Postfix configuration 
does not support \

smtp_sasl_password_map_result_escape
    printable character, like \
    default = empty (for backwards compatibility)
    disabled when empty

There are other approaches, like protecting text with quotes, like
"foo:bar":password, or prepending a length to each field value, like
7:foo:bar8:password.

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to