Re: [exim] Client Authentication

Author: Matt Mashyna
Date:  
To: exim-users
Subject: Re: [exim] Client Authentication
Yes, that's it! Guess I didn't read the RFC correctly.

Thanks,
Matt

On Jun 2, 2005, at 7:49 PM, Fred Viles wrote:

> On 2 Jun 2005 at 18:12, Matt Mashyna wrote about
>     "[exim] Client Authentication":

>
> | I'm working on a mail client and I'm having some trouble with PLAIN
> | authentication and Exim. With other servers, like Postfix for
> | example, the client says EHLO and gets a list of authentication
> | schemes, among other useful info. With Postfix my client can send
> | AUTH LOGIN PLAIN\n
>
> Your client is broken. The AUTH command consists of the keyword
> AUTH, followed by a keyword matching *one* of the advertised
> authentication methods (LOGIN *or* PLAIN, in this case), optionally
> followed by data depending on the authentication method.
>
> | client sends the b64 user name, gets a request for a password, it
> | sends the b64 password and then the authentication is either
> | accepted or rejected.
>
> If the server also prompted for the username, not just the password,
> that's the standard AUTH LOGIN method. It sounds like Postfix just
> ignored the invalid data at the end of your "AUTH LOGIN" command.
>
> | When I try to do this with an Exim server it immediately says
> | "Invalid base64 data"
>
> Right, that's because the plaintext authenticator accepts AUTH PLAIN
> syntax, where the credentials are supplied on the AUTH command so
> there's no prompting. If anything follows the method name, it is
> assumed to be the b64-encoded credentials.
>
> |...
> | Any help would be greatly appreciated.
>
> Fix your client to either follow the LOGIN method:
>
> - Send "AUTH LOGIN"
> - Receive b64 encoded "User Name" prompt
> - Send b64 encoded username
> - Receive b64 encoded "Password" prompt
> - Send b64 encoded password
>
> OR the PLAIN method:
>
> - Send "AUTH PLAIN auth-text"
> where auth-text is the string "\0username\0password", without the
> quotes but *with* the two NUL characters, b64 encoded.
>
> AUTH PLAIN would be preferable, since unlike AUTH LOGIN it is an RFC
> standard. Even more preferable would be implementing CRAM-MD5, so
> you're not sending the credentials in plain text.
>
> - Fred
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
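The two command forms discussed in this thread, as an added example that is not part of the original messages and is not Exim's code. The function names, the `ADVERTISED` set and the credentials `matt` / `secret` are constructed for illustration; `parse_auth` is a simplified model of the behaviour Fred describes, where anything after the mechanism name is taken as base64 data.

```python
import base64
import binascii

ADVERTISED = {"PLAIN", "LOGIN"}  # constructed EHLO AUTH list, as in the thread

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def plain_command(username: str, password: str) -> str:
    # auth-text is "\0username\0password" (empty authorization id), then base64.
    return "AUTH PLAIN " + b64(b"\0".join([b"", username.encode(), password.encode()]))

def login_lines(username: str, password: str) -> list:
    # One line per step: the bare command, then a reply to each server prompt.
    return ["AUTH LOGIN", b64(username.encode()), b64(password.encode())]

def parse_auth(line: str):
    """Return (mechanism, decoded initial response or None); ValueError if malformed."""
    parts = line.strip().split(" ")
    if len(parts) not in (2, 3) or parts[0].upper() != "AUTH":
        raise ValueError("syntax error")
    mech = parts[1].upper()
    if mech not in ADVERTISED:
        raise ValueError("mechanism not advertised")
    if len(parts) == 2:
        return mech, None
    try:
        # Anything after the mechanism name is treated as base64 data.
        return mech, base64.b64decode(parts[2], validate=True)
    except binascii.Error:
        raise ValueError("Invalid base64 data") from None

def split_plain(data: bytes):
    # Expect exactly authzid NUL username NUL password, with a non-empty username.
    fields = data.split(b"\0")
    if len(fields) != 3 or not fields[1]:
        raise ValueError("malformed PLAIN credentials")
    return tuple(f.decode() for f in fields)

if __name__ == "__main__":
    # The broken command from the thread, then a well-formed AUTH PLAIN.
    for cmd in ("AUTH LOGIN PLAIN", plain_command("matt", "secret")):
        try:
            print(cmd, "->", parse_auth(cmd))
        except ValueError as err:
            print(cmd, "->", err)
```

Base64 is an encoding, not encryption: both forms expose the password to anyone who can read the session, which is the concern behind the CRAM-MD5 suggestion above.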