Web interface password -- characters permitted
Michael Sweet
mike at easysw.com
Mon Jul 24 12:14:01 PDT 2006
Matt Broughton wrote:
> Mac OS X 10.4.7 with CUPS 1.1.23
>
> There was a recent thread on the Apple discussion boards about what
> characters are acceptable in a password. It would appear that any
> "non-English" character used in password will not be accepted by the web
> interface authentication.
>
> I tried setting an administrator's password using Greek letters "ååçç"
> (unicode characters \303\247\303\247\303\245\303\245). This works for
> logging into the user's account in OS X and for 'su' or 'sudo' in the
> Terminal. Trying to access the administration section of the CUPS web
> interface does not work however. The error log showed "IsAuthenticated:
> pam_authenticate () returned 7 (Authorization failure)!"
>
> Is this a limitation of the CUPS? It appears that printer queues can
> have a name using these characters. It is just the web authentication
> that fails.
My guess would be this is either a PAM bug on Mac OS X or an issue
of the wrong encoding (character set) being used for the characters.
AFAIK, the HTTP spec doesn't discuss what character set is required,
however all URIs need to use UTF-8 so I'd guess that the username and
password should be passed as UTF-8, and the PAM module on OSX needs
to convert the password from UTF-8 as needed (I don't know if they
use UTF-8 or UTF-16 to do the actual password hash...)
There is also the issue of NFC vs NFD (and NFKC and NFKD)
representations - a single character can be represented as a base
character + zero or more composition characters.
Anyways, I would file a bug report with Apple about this...
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
More information about the cups
mailing list