1 (edited by jobu 2014-07-31 16:45:45)

Topic: max. user password length

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian Wheezy
- Related log if you're reporting an issue: /var/log/dovecot.log
====

I'm trying to debug a password problem here and could need a little help. i adjusted the password settings a while ago under /usr/share/apache2/iredadmin/settings.py and  /usr/share/apache2/roundcubemail/plugins/password/config.inc.php - all seems to work fine. password_log is set to true, but where can i find it to debug the further problem ... a long user password (e.g. 80 digits, no special charakters) is set via roundcube webinterface and works fine at the roundcube login. But ... i doesn't work via IMAP using Thunderbird:

auth: Info: ldap(user@example.com): invalid credentials

The maximum password length in iRedAdmin-Pro (profile of domain) is set to 0. I can't see any any limitations in dovecot.conf.
Is there a max. size-limitation anywhere or something else i need to tweek ?

Best regards.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: max. user password length

80 digits? wow, but why so long?

I didn't see Dovecot document mentions limits of password length, maybe it's mentioned somewhere, but i didn't read it before.
Does it work with other mail client applications? Maybe it's a restriction in Thunderbird?

3

Re: max. user password length

You can turn on debug in Dovecot (IMAP server) to see the real password it reads from Thunderbird, maybe Thunderbird didn't use the full password due to its internal password length limit.

4

Re: max. user password length

I'll try the dovecot logging later. the user who came to me with it uses mac mail, iguess, i tried and confirmes with thunderbird.
Were are the users passwords stored anyway - in an openldap berkley-DB ?

5

Re: max. user password length

Using auth_debug_passwords=yes and auth_verbose_passwords=sha1 in dovecot.conf showed that in my case thunderbird submitted the old password for any reason. By using the password-manager and restarting thunderbird it worked with a password like "Linux is like a wigwam, no gates, no windows, but an apache inside.".

Thanks for help !