Benny Pedersen
2009-Aug-19 05:37 UTC
[Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
others have found this problem ?
this possible bug can be used by user in that way that one password
login can use 2 maildirs in filesystem effitively give them all space
qoutas and lost of other goodies
so to speak:
foo at example.com with a password can login with fOO at example.com and
fOo at example.com
add more chars to get more mailbox :/
confirms ?
i found the problem when i had horde installed
dovecot 1.1.7
--
xpoint
-------------- next part --------------
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.30-gentoo-r5 x86_64 Gentoo Base System release 1.12.11.1 ext3
base_dir: /var/run/dovecot/
protocols: pop3 imap managesieve pop3s imaps
ssl_listen: *
ssl_ca_file: /etc/ssl/certs/ca-certificates.crt
ssl_cert_file: /etc/ssl/private/home_server.pem
ssl_key_file: /etc/ssl/private/home_privatekey.pem
ssl_cipher_list: ALL:!LOW
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
login_greeting_capability(managesieve): no
login_processes_count: 2
login_max_processes_count: 10
first_valid_uid: 125
last_valid_uid: 125
first_valid_gid: 125
last_valid_gid: 125
mail_location: maildir:/home/vmail/%d/%u/.maildir
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib64/dovecot/managesieve
imap_client_workarounds(default): outlook-idle
imap_client_workarounds(imap): outlook-idle
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_lock_session(managesieve): no
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(pop3):
sieve_storage(managesieve): /home/vmail/%d/%u/.sieve
sieve(default):
sieve(imap):
sieve(pop3):
sieve(managesieve): /home/vmail/%d/%u/.dovecot.sieve
namespace:
type: private
inbox: yes
list: yes
subscriptions: yes
auth default:
mechanisms: plain login
worker_max_count: 4
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 438
Timo Sirainen
2009-Aug-19 05:41 UTC
[Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
On Aug 19, 2009, at 1:37 AM, Benny Pedersen wrote:> others have found this problem ?Dovecot auth isn't case-insensitive. But MySQL is, and I guess you're using it? There are several different ways around it.
Benny Pedersen
2009-Aug-20 10:42 UTC
[Dovecot] dovecot auth is case insensitive, but fs is sensitive :) (SOLVED)
On ons 19 aug 2009 22:39:02 CEST, Benny Pedersen wrote> could you mail me that config to horde ?, but still i also like to > make a better dovecot.conf if its possible so it will say user > unknown instaed of just accept case insensitive on authjust to the mail archives, i sorted this problem with auth case error with upgrade from 1.1.7 to 1.1.16, no more problems with 2 fs users pr mysql auth super, keep up the good work all -- xpoint