Date: Sat, 21 Feb 2004 01:51:52 -0800
From: "Hallgrimur H. Gunnarsson" <hhg@...a.is>
To: popa3d-users@...ts.openwall.com
Subject: Re: Case sensitive

On 20.02.2004 Martin Kanarr <martin@...nn.net> wrote:
> I noticed that popa3d is case sensitive, based on the POP3 RFC shouldn't POP AUTH be case insensitive and is there any option or patch available to make usernames case insensitive?  Thanks!

Afaik, the pop3 rfc does not require usernames to be case insensitive.
That decision is left to the pop3 server's discretion. In popa3d's instance,
it depends on the chosen authentication method.

For example, getpwnam() and getspnam() are usually case sensitive on linux,
unless, perhaps, if you've chosen a different nss database. This means,
that if you've chosen passwd or shadow authentication in popa3d, usernames
will be case sensitive. If you've chosen PAM, then it depends on the relevant
PAM module. I don't know if any PAM modules have an option for case insensitive
usernames.

An easy solution, and common in other pop3 servers, is to convert the username
to lowercase before it is supplied to the respective authentication mechanism.
Here's such a patch for popa3d:

http://www.data.is/~hhg/popa3d/popa3d-0.6.4-loweruser-1.diff

-- hhg
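
The approach described in the message above (lowercase the username, then hand it to the case-sensitive lookup), as an added example that is not part of the original post and is not the content of the linked patch. `normalize_username`, `lookup_user` and `MAX_USER_LEN` are hypothetical names chosen for this sketch; the fold is ASCII-only so the result does not depend on the process locale.

```c
#include <pwd.h>
#include <stddef.h>
#include <string.h>

#define MAX_USER_LEN 32   /* assumed limit for this example */

/*
 * Fold a POP3 USER argument to lowercase in place.
 * Returns 0 on success, -1 if the name is empty, too long, or contains a
 * byte outside printable ASCII. On failure the buffer is left untouched.
 */
int normalize_username(char *user)
{
    size_t len = strlen(user), i;

    if (len == 0 || len > MAX_USER_LEN)
        return -1;

    /* Pass 1: validate. Unsigned bytes avoid sign-extension surprises. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (c <= 0x20 || c >= 0x7f)
            return -1;
    }

    /* Pass 2: fold A-Z only, so no locale can change the mapping. */
    for (i = 0; i < len; i++) {
        if (user[i] >= 'A' && user[i] <= 'Z')
            user[i] = (char)(user[i] - 'A' + 'a');
    }
    return 0;
}

/* Normalize a copy of the client-supplied name, then do the usual lookup. */
struct passwd *lookup_user(const char *raw)
{
    char name[MAX_USER_LEN + 1];

    if (strlen(raw) > MAX_USER_LEN)
        return NULL;
    strcpy(name, raw);            /* fits: length checked just above */
    if (normalize_username(name) != 0)
        return NULL;
    return getpwnam(name);        /* still case sensitive on the lowercased name */
}
```

Where the lookup itself stays case sensitive, an account whose stored name contains uppercase letters can no longer be reached once every supplied name is lowercased first.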
