Passwords containing backslash - problem.

Dan White dwhite at olp.net
Tue Jul 19 17:54:16 EDT 2011


On 19/07/11 16:50 -0300, Lauro Costa G. Borges wrote:
>
>   Hi,
>
>   I am using
>
>-----
>libsasl2-2 v2.1.23.dfsg1-5ubuntu1
>libsasl2-modules v2.1.23.dfsg1-5ubuntu1
>libsasl2-modules-ldap v2.1.23.dfsg1-5ubuntu1
>sasl2-bin v2.1.23.dfsg1-5ubuntu1
>-----
>
>   and I noticed that when users have a password containing a backslash
>or a double backslash, it is not correctly handled by saslauthd (I think).
>
>   My 1st scenario is: users connect to Webmail, which connects to
>imapproxy, and then, imap server. This works ok, saslauthd is not used.
>
>   My 2nd scenario is: users try to send mails using Roundcube, which
>connects to smtp server (Postfix), and Postfix uses saslauthd. This
>does not work.
>
>   The same password works when connecting directly to imapproxy or
>imap, or even to webmail (just to check mails, not to send them).
>
>   Even testsaslauthd -u -p does not work. I tried:
>
>    testsaslauthd -u username -p "somechars\morechars" (user has a pw
>with 1 backslash)
>
>     testsaslauthd -u username -p "somechars\\morechars" (user has a pw
>with 1 backslash)
>
>     testsaslauthd -u username -p somechars\\morechars (user has a pw
>with 1 backslash)
>
>     testsaslauthd -u username -p somechars\\morechars (user has a pw
>with 2 backslashes)
>
>
>   Does saslauthd handle backslashes ok for the rest of you? Cause it
>doesn't seem to handle it with testsaslauthd or as a Postfix auth daemon.

I can't reproduce this problem while using the PAM backend. Which saslauthd
backend are you using? If relevant, what sasl configuration is your imap
server using?

Both of these work for me:

testsaslauthd -u username -p 'test\1234'
testsaslauthd -u username -p test\\1234

Where the password is:

test\1234

-- 
Dan White


More information about the Cyrus-sasl mailing list