[Dovecot] [ #14832]: Capital letters in POP3 logins

Gerald V. Livingston II gerald.dovecot at sysmatrix.net
Wed Mar 30 23:45:27 EEST 2005 

On Wed, 30 Mar 2005 14:03:49 -0500 John Peacock <jpeacock at rowman.com>
wrote:

> Gerald V. Livingston II wrote:
> > What I don't understand is -- all usernames in my test database are stored
> > in lower case -- shouldn't it simply fail to match and cause the login to
> > fail? Can anyone point out how to force the match to be case sensitive?
> 
> If you are using MySQL, all string comparisons are case insensitive by 
> default.

To make username case sensitive at login so it fails if it doesn't match
what's in your database change this in your dovecot-mysql.conf:

password_query = SELECT password FROM mailbox WHERE username = BINARY '%u'

NOTE: this means that you have to make sure ALL database entries are in the
case you want used. This just makes login FAIL if the username does not
match EXACTLY what is stored in the database.

Now, it would be nice to be able to CONVERT username case to lower-case
before checking against the database and remove the exact match criteria.
this would avoid my having to explain to customers that they have to log in
using all lower case but can, in fact, put mixed case in the "email
address" and "reply to" field of their email clients. It would also avoid
the occasional problem I know I'll have with techs entering new customer
email addresses exactly as they request them, case and all. PostFix uses
lower case on delivery (or else it delivers to the "closest match" --
haven't done full testing yet -- my install of postfix.admin seems to
convert to lower before writing new info to the database so I'll have to
create an uppercase user by hand).

> > It would be "nicer" though if
> > Dovecot converted all username input to lower case before authenticating to
> > maintain uniqueness of email addresses.

> No, it should be a configurable option, since some sites would want that 
> and others wouldn't...

You are correct of course. It's just that with the introduction of M$
clients to the internet case sensitive "usernames" got FUBARd many years
ago. My first linux machines had several logins that I used for different
purposes. Gerald, geralD, GERALD, etc. They each had different 'sudo'
rights for certain system maintenance rights. When I got "net-connected"
with Liux I got out of that habit.

Gerald

More information about the dovecot mailing list