Re: IMAP plain text authentication



On 2001.10.24 23:17:14 +0100 Myroslava Dzikovska wrote:
> I meant to attach this to the previous message, because it went only to
> Pawel, but maybe others will have suggestions. This is what I get on
> CAPABILITY
> 
> * OK CommuniGate Pro IMAP Server 3.4.8 at backend1.aha.ru ready
> 111 CAPABILITY
> * CAPABILITY IMAP4 IMAP4REV1 ACL NAMESPACE UIDPLUS IDLE LITERAL+ QUOTA
> STARTTLS ID MULTIAPPEND AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5
> AUTH=DIGEST-MD5
> 111 OK completed
> 

"STARTTLS AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5"

hurgh. broken broken broken.

not only the severs advertises STARTTLS *with* AUTH=LOGIN AUTH=PLAIN
instead of LOGINDISABLED but it seems to also advertise exactly the same
thing *after* STARTTLS

some communigate testing:

openssl s_client -connect 195.8.0.41:simap
[ssl negotiation]
* OK CommuniGate Pro IMAP Server 3.4.8 at rh7 ready
1 CAPABILITY
* CAPABILITY IMAP4 IMAP4REV1 ACL NAMESPACE UIDPLUS IDLE LITERAL+ QUOTA
STARTTLS ID MULTIAPPEND AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5
1 OK completed
1 STARTTLS
1 NO already secured

this is pretty stupid.

despite all this, i managed to login in a test cg3.4.8 setup using
TLS and CRAM-MD5. are you sure you're using the correct password ? :)

cheers


--
Carlos Morgado - chbm(at)chbm(dot)nu - http://chbm.nu/ -- gpgkey: 0x1FC57F0A
http://wwwkeys.pgp.net/ FP:0A27 35D3 C448 3641 0573 6876 2A37 4BB2 1FC5 7F0A
Software is like sex; it's better when it's free. - Linus Torvalds





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]