On Thu, 2003-07-03 at 22:43, Lars Clausen wrote:
062.107.004.050.49653-128.174.246.068.00110: auth plain AG1p2YtlQBebz12YmXQ
128.174.246.068.00110-062.107.004.050.49653: -ERR Unsupported authentication mechanism.
It seems to me that sending 'auth plain <MD5>' is against the RFCs (1734, 2195, 1939). What can be done about this?
Hmm. It looks like it tried to send SASL's "initial response" in the AUTH command itself. I also don't see any RFCs mentioning that it should be supported, but at least UW-IMAP does seem to support it.
I'm not sure if I should bother adding support since it's not required by any RFCs and it would require larger changes to my code..
Also the data after auth plain should have been base64 encoded user and password, but decoding the above shows only garbage..
I'm also curious why MD5 auth is not allowed for shadow passwords whenthat has been standard on Linux for a while now. Or am I missing something?
What do you mean by MD5 auth? DIGEST-MD5 requires storing password in it's own special way. APOP and CRAM-MD5 require storing the password in plaintext.