Re: [Exim] Maybe a Bug in AUTH LOGIN

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alan Thew
Date:  
À: exim-users
Sujet: Re: [Exim] Maybe a Bug in AUTH LOGIN
On Mon, 17 Feb 2003 17:06 , Philip Hazel <ph10@???> said:

>On Mon, 17 Feb 2003, Liu Xin wrote:
>
>> It seems that as clients MTAs based on cyrus-sasl library send:
>>
>> AUTH LOGIN =
>>
>> instead of:
>>
>> AUTH LOGIN
>>
>> ( At least the sendmail in RedHat 8.0 behaves so. )
>>
>> The "=" is treated by exim as $1 that is of zero length, but it should
>> be ignored so that the user name will be $1 and the password will be $2.
>>
>> Since the LOGIN mechanism is not officially documented, I wonder should
>> this problem be of exim's or of cyrus-sasl's? And will the exim developers
>> be willing to make exim compatible with such "AUTH LOGIN ="?
>
>Sigh.
>
>LOGIN was invented and first used by Pine. It seems still to be working
>fine. The "specification" (which does not exist) is definitely just to
>send AUTH LOGIN with no data. I believe that to send any additional data
>is an error. I googled around, and certainly saw examples that claimed
>to be sendmail behaving "correctly". Is there some configuration that
>might change this?
>
>LOGIN has been in use in Exim for a number of years without problems.
>Why is cyrus-sasl trying to be different?
>
>I am definitely NOT enthusiastic about this. I was equally
>unenthusiastic about the other client that screwed up the authentication
>protocol in SMTP, the one that expected "AUTH=LOGIN" to be advertised.
>

Is this SASL2? Will this break the current pwcheck? Anyone tried SASL2
out in this respect?

--
Alan