Passwords containing backslash - problem.

Lauro Costa G. Borges laurocgb at grad.ufsc.br
Wed Jul 20 09:50:12 EDT 2011


Citando Dan White <dwhite at olp.net>:

> On 19/07/11 16:50 -0300, Lauro Costa G. Borges wrote:
>>
>>  Hi,
>>
>>  I am using
>>
>> -----
>> libsasl2-2 v2.1.23.dfsg1-5ubuntu1
>> libsasl2-modules v2.1.23.dfsg1-5ubuntu1
>> libsasl2-modules-ldap v2.1.23.dfsg1-5ubuntu1
>> sasl2-bin v2.1.23.dfsg1-5ubuntu1
>> -----
>>
>>  and I noticed that when users have a password containing a backslash
>> or a double backslash, it is not correctly handled by saslauthd (I think).
>>
>>  My 1st scenario is: users connect to Webmail, which connects to
>> imapproxy, and then, imap server. This works ok, saslauthd is not used.
>>
>>  My 2nd scenario is: users try to send mails using Roundcube, which
>> connects to smtp server (Postfix), and Postfix uses saslauthd. This
>> does not work.
>>
>>  The same password works when connecting directly to imapproxy or
>> imap, or even to webmail (just to check mails, not to send them).
>>
>>  Even testsaslauthd -u -p does not work. I tried:
>>
>>   testsaslauthd -u username -p "somechars\morechars" (user has a pw
>> with 1 backslash)
>>
>>    testsaslauthd -u username -p "somechars\\morechars" (user has a pw
>> with 1 backslash)
>>
>>    testsaslauthd -u username -p somechars\\morechars (user has a pw
>> with 1 backslash)
>>
>>    testsaslauthd -u username -p somechars\\morechars (user has a pw
>> with 2 backslashes)
>>
>>
>>  Does saslauthd handle backslashes ok for the rest of you? Cause it
>> doesn't seem to handle it with testsaslauthd or as a Postfix auth daemon.
>
> I can't reproduce this problem while using the PAM backend. Which saslauthd
> backend are you using? If relevant, what sasl configuration is your imap
> server using?
>
> Both of these work for me:
>
> testsaslauthd -u username -p 'test\1234'
> testsaslauthd -u username -p test\\1234
>
> Where the password is:
>
> test\1234
>
> -- 
> Dan White

   Hi,

  Saslauthd at the smtp server uses RIMAP as the backend, and the  
remote imap server to which it connects (Dovecot) does not use  
saslauthd, it uses LDAP. As I said before, this imap server can  
understand backslashes in the password, since I successfully  
authenticated on it using telnet.

  Thanks



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.




More information about the Cyrus-sasl mailing list