Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Wed, 1 Jan 2003 03:15:04 +0100
From: Tim van Erven <tve@...mig.net>
To: popa3d-users@...ts.openwall.com
Subject: Re: '.' and '/' in usernames

On Tue, 31/12/2002 08:52 +0300, Solar Designer wrote:
> On Tue, Dec 31, 2002 at 06:07:26PM +0100, Tim van Erven wrote:
>> Popa3d rejects usernames with dots ('.') in them and I believe it also
>> rejects usernames containing any slashes ('/'), though I haven't tested
>> the latter.
> 
> No, it doesn't.  The code you're referring to is only an example of
> setting up virtual domains.  It's not used for Unix accounts, and
> actual virtual domain setups may use different user database formats,
> possibly without such restrictions.

I see.

>> AFAICT, rfc 1939 allows usernames consisting of any printable ASCII
>> characters (and being no longer than 40 characters). Surely '.' and '/'
>> are printable characters.
> 
> That's true, but it doesn't mean that a POP3 server (setup) which
> disallows these characters isn't RFC-compliant.  The RFC doesn't
> require that it's possible for a server admin to create such
> usernames, it merely specifies that such usernames may be passed over
> the POP3 protocol.

Ah, very informative.

Thanks for clearing those up.

-- 
Tim van Erven <tve@...mig.net>
OpenPGP Key ID: 712CB811        Fingerprint: F6C9 61EE 242C C012 36D5
WWW: http://www.science.uva.nl/~talerven/    BBF8 6310 D557 712C B811

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux