[Dovecot] Auth problems against Eudora
Timo Sirainen
tss at iki.fi
Sun Jul 6 23:11:35 EEST 2003
On Thu, 2003-07-03 at 22:43, Lars Clausen wrote:
> 062.107.004.050.49653-128.174.246.068.00110: auth plain AG1p2YtlQBebz12YmXQ
>
> 128.174.246.068.00110-062.107.004.050.49653: -ERR Unsupported authentication mechanism.
>
>
> It seems to me that sending 'auth plain <MD5>' is against the RFCs (1734,
> 2195, 1939). What can be done about this?
Hmm. It looks like it tried to send SASL's "initial response" in the
AUTH command itself. I also don't see any RFCs mentioning that it should
be supported, but at least UW-IMAP does seem to support it.
I'm not sure if I should bother adding support since it's not required
by any RFCs and it would require larger changes to my code..
Also the data after auth plain should have been base64 encoded user and
password, but decoding the above shows only garbage..
> I'm also curious why MD5 auth is not allowed for shadow passwords whenthat
> has been standard on Linux for a while now. Or am I missing something?
What do you mean by MD5 auth? DIGEST-MD5 requires storing password in
it's own special way. APOP and CRAM-MD5 require storing the password in
plaintext.
More information about the dovecot
mailing list