[cups-devel] [UNKN] STR #4557: Authentication in web interface fails with umlauts in password
Michael Sweet
noreply at cups.org
Sun Jan 4 11:55:13 PST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR Unresolved]
OK, so the problem is that HTTP Basic (and HTTP Digest, for that matter)
does not actually specify a character set for usernames and passwords.
Depending on the browser, you'll either get ISO-8859 or Unicode masked
against 255. This problem is also not specific to CUPS, and a quick
Internet search will turn up a lot of reports of this with Apache and other
web-based services. The general guidance is to stick to ASCII usernames
and passwords if you want things to work reliably.
The HTTPAuth WG in the IETF is in the process of finalizing updates to HTTP
Basic and HTTP Digest that define a new charset parameter so that the
server (cupsd in this case) can tell the browser what character set to use
when providing the username and password.
Once that is done, we will still have some issues with making this all work
end-to-end:
1. No browser yet supports the charset parameter, so it will take some time
before Unicode usernames and passwords can be supported.
2. Even if we add the charset parameter to cupsd (super simple to do), we
have no way to know what character set is used by the PAM module.
3. Because of #2, adding the charset parameter might break things, so we'd
need a configuration parameter...
Closing this bug as "will not fix" since I can see us spending a lot of
time on this - until PAM is updated we cannot reliably support Unicode
passwords.
Sorry...
Link: https://www.cups.org/str.php?L4557
Version: 1.7.5
Fix Version: Will Not Fix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJUqZqhAAoJENujp6sI12IjxrgQAK1xwVtypXIbP9hqlbDltj95
0AHoWwPFSBTSBeJtoktHh+H1cCNjidAMnR2NFJra9wigarKOPcte0HUzkC5lrfZe
eRYsLRfzcvQacd/0aA9m7eot+pGYaB8QitJN6iMrThLAYP9p1vLpUVS2BkHll8Xf
h3cGC7yf1WtGuBHvcxTKSIwU052gKtX54P97KGcEODivpIm1bT4kE9Sj4Kokqtzt
72zZa3ZWeF6Xl+miVQOQJ2VDBF2+u3K06Lan+/rgzM8Fqa+bq9+5xys3BLaRNFdx
l7vVkckI3FY0T0yVHhyVLQ5rv2Wgkqv0VfiCoaw9/sSXlr6ruZDzztqLeRIrUCkH
chMVbIi/WRlm6Zvk62zcKF8QqHgxOfLZgOrvoSBl9mwX2RSf2Qs1jNCOkuj+qolw
Sx6qf991It/SIHuFgHkCNftmzbKcTOKTa7WwXdqonZd3aiU9MWtXH0eiVzSsiqMB
IO0FmI/PdRvp9J4JpDJM38jPtYP/wvafv+s/HSfoTWKCfkZaCccq9t6UZVckZ7c/
/SMjIpYrBUg+hpEDfbLcTNrFsfGML5VRb1/ASZUK87InmlG8Sf0sODKAuocCGXl1
3DmwbRISGKrN32PWVXEUoWMn91QoBd9kSIKF7h46vcrhVPsjJMrdmIn99bo0uUxF
Bsr/2PtNbxK1zb8mGxrr
=lo+p
-----END PGP SIGNATURE-----
More information about the cups-devel
mailing list