[Dovecot] Testing EXTERNAL AUTHENTICATION
Hi.
I'm trying to test EXTERNAL AUTHENTICATION in Dovecot. To do this I first
configured Thunderbird and Opera to use my server, neither of them were
successful. As a result I contacted both organisations to enquire if they
supported EXTERNAL AUTHENTICATION in their products. Thunderbird
responded and said yes. However, on closer inspection my contact at
Thunderbird identified that support for EXTERNAL AUTHENTICATION was poor
at best and then only in SMTP. From that point on, my contact has been
trying to implement support in Thunderbird.
I've also try to test using openssl s_client which is detailed below. As
far as I can tell my problems appear after the authentication. I don't
know what the problem is only that there is one.
[~] # dovecot -n # 1.2.10: /opt/etc/dovecot/dovecot.conf # OS: Linux 2.6.12.6-arm1 armv5tejl ext3 base_dir: /opt/var/run/dovecot/ log_path: /opt/var/log/dovecot/messages info_log_path: /opt/var/log/dovecot/info protocols: imaps listen: [::] ssl_ca_file: /opt/etc/domain.ca/cacrl.pem ssl_cert_file: /opt/etc/domain.ca/newcerts/mail.cer ssl_key_file: /opt/etc/domain.ca/private/mail.key ssl_cipher_list: ALL:!LOW:!SSLv2 ssl_verify_client_cert: yes verbose_ssl: yes login_dir: /opt/var/run/dovecot//login login_executable: /opt/libexec/dovecot/imap-login login_process_size: 32 mail_location: dbox:/share/MD0_DATA/mail/%u mail_debug: yes dbox_rotate_days: 0 imap_id_send: * imap_id_log: * lda: postmaster_address: postmaster@ksudra.net auth default: mechanisms: EXTERNAL realms: ksudra.net default_realm: ksudra.net user: admin verbose: yes debug: yes ssl_require_client_cert: yes ssl_username_from_cert: yes passdb: driver: passwd-file args: /opt/etc/dovecot/passwd userdb: driver: passwd
[~] # openssl s_client -cert Stephen.pem -connect 10.1.1.245:993
<-- snip -->SSL handshake has read 4460 bytes and written 2451 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: [...] Session-ID-ctx: Master-Key: [...] Key-Arg : None Krb5 Principal: None Start Time: 1268756439 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain)
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. 01 AUTHENTICATE EXTERNAL
- 01 list "" * 01 NO [ALERT] Invalid base64 data in continued response 01 select inbox 01 BAD Error in IMAP command received by server. 02 select inbox 02 BAD Error in IMAP command received by server. DONE
[~] # tail -f /opt/var/log/dovecot/info
Mar 16 16:51:14 auth(default): Info: new auth connection: pid=9176
Mar 16 16:51:16 imap-login: Info: Valid certificate:
/O=ksudra.net/OU=Ksudra
CA/emailAddress=certs@ksudra.net/L=Wilmslow/ST=Cheshire/C=GB/CN=ksudra.net
Mar 16 16:51:16 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
Mar 16 16:52:06 auth(default): Info: client in: AUTH 1
EXTERNAL service=imap secured valid-client-cert
cert_username=Stephen lip=10.1.1.245 rip=10.1.1.4
lport=993 rport=45379
Mar 16 16:52:06 auth(default): Info: client out: CONT 1
Mar 16 16:52:42 imap-login: Info: Valid certificate:
/O=ksudra.net/OU=Ksudra
CA/emailAddress=certs@ksudra.net/L=Wilmslow/ST=Cheshire/C=GB/CN=ksudra.net
Mar 16 16:52:42 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
Mar 16 16:52:42 auth(default): Info: client in: AUTH 1
EXTERNAL service=imap secured valid-client-cert
cert_username=Stephen lip=10.1.1.245 rip=10.1.1.4
lport=993 rport=45381
Mar 16 16:52:42 auth(default): Info: client out: CONT 1
Mar 16 16:52:42 auth(default): Info: client in: CONT<hidden>
Mar 16 16:52:42 auth(default): Info: EXTERNAL(Stephen,10.1.1.4): Invalid
base64 data in continued response
Mar 16 16:52:42 auth(default): Info: client out: FAIL 1
reason=Invalid base64 data in continued response
Mar 16 16:52:42 auth(default): Info: new auth connection: pid=9182
Mar 16 16:52:45 auth(default): Info: client in: CONT<hidden>
Mar 16 16:52:45 auth(default): Info: EXTERNAL(Stephen,10.1.1.4): Invalid
base64 data in continued response
Mar 16 16:52:45 auth(default): Info: client out: FAIL 1
reason=Invalid base64 data in continued response
Mar 16 16:52:47 imap-login: Info: Aborted login (cert required, client
didn't start TLS): method=EXTERNAL, rip=10.1.1.4, lip=10.1.1.245, TLS
Mar 16 16:54:36 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
Mar 16 16:54:36 auth(default): Info: new auth connection: pid=9188
Mar 16 16:54:37 auth(default): Info: client in: AUTH 1
EXTERNAL service=imap secured valid-client-cert
cert_username=Stephen lip=10.1.1.245 rip=10.1.1.4
lport=993 rport=49113
Mar 16 16:54:37 auth(default): Info: client out: CONT 1
Mar 16 16:54:37 auth(default): Info: client in: CONT<hidden>
Mar 16 16:54:37 auth(default): Info: EXTERNAL(Stephen,10.1.1.4): Invalid
base64 data in continued response
Mar 16 16:54:37 auth(default): Info: client out: FAIL 1
reason=Invalid base64 data in continued response
Mar 16 16:54:42 imap-login: Info: Aborted login (cert required, client
didn't start TLS): method=EXTERNAL, rip=10.1.1.4, lip=10.1.1.245, TLS
Mar 16 16:54:49 imap-login: Info: Valid certificate:
/O=ksudra.net/OU=Ksudra
CA/emailAddress=certs@ksudra.net/L=Wilmslow/ST=Cheshire/C=GB/CN=ksudra.net
Mar 16 16:54:49 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
-- kind regards
Stephen Feyrer.
On Tue, 2010-03-16 at 16:57 +0000, Stephen Feyrer wrote:
I'm trying to test EXTERNAL AUTHENTICATION in Dovecot. To do this I first
configured Thunderbird and Opera to use my server, neither of them were
successful. As a result I contacted both organisations to enquire if they
supported EXTERNAL AUTHENTICATION in their products. Thunderbird
responded and said yes. However, on closer inspection my contact at
Thunderbird identified that support for EXTERNAL AUTHENTICATION was poor
at best and then only in SMTP. From that point on, my contact has been
trying to implement support in Thunderbird.
I already got a mail about it from David Bienvenu and answered it.
01 AUTHENTICATE EXTERNAL + 01 list "" *
The problem is that Dovecot (well, EXTERNAL mechanism really) expects the client to send authorization string after the AUTHENTICATE EXTERNAL command. Typically you would just give "=" line there.
Hi.
I am sorry, I didn't understand what is going on. I knew that David
Bienvenu had emailed you but I thought I'd done something to break Dovecot
in some other way. Again I'm sorry.
How can I use SASL-IR with dovecot?
-- If you think education is expensive, have you tried costing ignorance?
Stephen.
On Tue, 16 Mar 2010 17:02:48 -0000, Timo Sirainen <tss@iki.fi> wrote:
On Tue, 2010-03-16 at 16:57 +0000, Stephen Feyrer wrote:
I'm trying to test EXTERNAL AUTHENTICATION in Dovecot. To do this I
first configured Thunderbird and Opera to use my server, neither of them were successful. As a result I contacted both organisations to enquire if
they supported EXTERNAL AUTHENTICATION in their products. Thunderbird responded and said yes. However, on closer inspection my contact at Thunderbird identified that support for EXTERNAL AUTHENTICATION was poor at best and then only in SMTP. From that point on, my contact has been trying to implement support in Thunderbird.I already got a mail about it from David Bienvenu and answered it.
01 AUTHENTICATE EXTERNAL + 01 list "" *
The problem is that Dovecot (well, EXTERNAL mechanism really) expects the client to send authorization string after the AUTHENTICATE EXTERNAL command. Typically you would just give "=" line there.
Hi.
Thanks.
I am guessing then I can still play with it through openssl s_client.
-- with gratitude
Stephen
On Tue, 16 Mar 2010 18:03:38 -0000, Timo Sirainen <tss@iki.fi> wrote:
On Tue, 2010-03-16 at 18:01 +0000, Stephen Feyrer wrote:
How can I use SASL-IR with dovecot?
It's client that uses it by sending:
AUTHENTICATE EXTERNAL =
instead of:
AUTHENTICATE EXTERNAL <wait for reply>
so nothing really you can do about it..
Hi.
The tests using SASL and SASL-IR in Thunderbird both fail to
authenticate. I have tried using openssl s_client with the same result.
I've run the auth command in three ways just to be sure I got the second
example right. I even checked to make sure I've spelt my name right and
the case of the letters.
# dovecot -n # 1.2.10: /opt/etc/dovecot/dovecot.conf # OS: Linux 2.6.12.6-arm1 armv5tejl ext3 base_dir: /opt/var/run/dovecot/ log_path: /opt/var/log/dovecot/messages info_log_path: /opt/var/log/dovecot/info protocols: imaps listen: [::] ssl_ca_file: /opt/etc/domain.ca/cacrl.pem ssl_cert_file: /opt/etc/domain.ca/newcerts/mail.cer ssl_key_file: /opt/etc/domain.ca/private/mail.key ssl_cipher_list: ALL:!LOW:!SSLv2 ssl_verify_client_cert: yes verbose_ssl: yes login_dir: /opt/var/run/dovecot/login login_executable: /opt/libexec/dovecot/imap-login login_process_size: 32 mail_location: dbox:/share/MD0_DATA/mail/%u mail_debug: yes dbox_rotate_days: 0 imap_id_send: * imap_id_log: * lda: postmaster_address: postmaster@ksudra.net auth default: mechanisms: EXTERNAL realms: ksudra.net default_realm: ksudra.net user: admin verbose: yes debug: yes ssl_require_client_cert: yes ssl_username_from_cert: yes passdb: driver: passwd-file args: /opt/etc/dovecot/passwd userdb: driver: passwd
/opt/etc/dovecot/passwd Stephen:{EXTERNAL}
$ openssl s_client -cert Stephen.pem -connect 10.1.1.245:993
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. 01 AUTHENTICATE EXTERNAL = 01 NO [AUTHENTICATIONFAILED] Authentication failed. DONE
$ tail /opt/var/log/info.log
Mar 16 21:37:18 auth(default): Info: new auth connection: pid=10161
Mar 16 21:37:19 imap-login: Info: Valid certificate:
/O=ksudra.net/OU=Ksudra
CA/emailAddress=certs@ksudra.net/L=Wilmslow/ST=Cheshire/C=GB/CN=ksudra.net
Mar 16 21:37:19 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
Mar 16 21:37:39 auth(default): Info: client in: AUTH 1
EXTERNAL service=imap secured valid-client-cert
cert_username=Stephen lip=10.1.1.245 rip=10.1.1.4
lport=993 rport=55745 resp=<hidden>
Mar 16 21:37:39 auth(default): Info: passwd-file(Stephen,10.1.1.4):
lookup: user=Stephen file=/opt/etc/dovecot/passwd
Mar 16 21:37:41 auth(default): Info: client out: FAIL 1
user=Stephen
Mar 16 21:38:52 imap-login: Info: Disconnected (cert required, client
didn't start TLS): user=<Stephen>, method=EXTERNAL, rip=10.1.1.4,
lip=10.1.1.245, TLS
$ openssl s_client -cert Stephen.pem -connect 10.1.1.245:993
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. 01 AUTHENTICATE EXTERNAL
01 NO [AUTHENTICATIONFAILED] Authentication failed. DONE
Mar 16 21:40:24 imap-login: Info: Disconnected (cert required, client
didn't start TLS): user=<Stephen>, method=EXTERNAL, rip=10.1.1.4,
lip=10.1.1.245, TLS
Mar 16 21:40:26 auth(default): Info: new auth connection: pid=10173
Mar 16 21:40:28 imap-login: Info: Valid certificate:
/O=ksudra.net/OU=Ksudra
CA/emailAddress=certs@ksudra.net/L=Wilmslow/ST=Cheshire/C=GB/CN=ksudra.net
Mar 16 21:40:28 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
Mar 16 21:40:38 auth(default): Info: client in: AUTH 1
EXTERNAL service=imap secured valid-client-cert
cert_username=Stephen lip=10.1.1.245 rip=10.1.1.4
lport=993 rport=35721
Mar 16 21:40:38 auth(default): Info: client out: CONT 1
Mar 16 21:40:40 auth(default): Info: client in: CONT<hidden>
Mar 16 21:40:40 auth(default): Info: passwd-file(Stephen,10.1.1.4):
lookup: user=Stephen file=/opt/etc/dovecot/passwd
Mar 16 21:40:42 auth(default): Info: client out: FAIL 1
user=Stephen
Mar 16 21:40:47 imap-login: Info: Disconnected (cert required, client
didn't start TLS): user=<Stephen>, method=EXTERNAL, rip=10.1.1.4,
lip=10.1.1.245, TLS
$ openssl s_client -cert Stephen.pem -connect 10.1.1.245:993
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. 01 AUTHENTICATE EXTERNAL
- 01 = 01 NO [ALERT] Invalid base64 data in continued response DONE
Mar 16 21:42:04 auth(default): Info: new auth connection: pid=10178
Mar 16 21:42:06 imap-login: Info: Valid certificate:
/O=ksudra.net/OU=Ksudra
CA/emailAddress=certs@ksudra.net/L=Wilmslow/ST=Cheshire/C=GB/CN=ksudra.net
Mar 16 21:42:06 imap-login: Info: Valid certificate:
/C=GB/ST=Cheshire/O=ksudra.net/OU=Stephen Feyrer/CN=Stephen
Mar 16 21:42:31 auth(default): Info: client in: AUTH 1
EXTERNAL service=imap secured valid-client-cert
cert_username=Stephen lip=10.1.1.245 rip=10.1.1.4
lport=993 rport=35725
Mar 16 21:42:31 auth(default): Info: client out: CONT 1
Mar 16 21:42:35 auth(default): Info: client in: CONT<hidden>
Mar 16 21:42:35 auth(default): Info: EXTERNAL(Stephen,10.1.1.4): Invalid
base64 data in continued response
Mar 16 21:42:35 auth(default): Info: client out: FAIL 1
reason=Invalid base64 data in continued response
Mar 16 21:42:55 imap-login: Info: Disconnected (cert required, client
didn't start TLS): method=EXTERNAL, rip=10.1.1.4, lip=10.1.1.245, TLS
-- Thanks
Stephen Feyrer.
On Tue, 16 Mar 2010 18:03:38 -0000, Timo Sirainen <tss@iki.fi> wrote:
On Tue, 2010-03-16 at 18:01 +0000, Stephen Feyrer wrote:
How can I use SASL-IR with dovecot?
It's client that uses it by sending:
AUTHENTICATE EXTERNAL =
instead of:
AUTHENTICATE EXTERNAL <wait for reply>
so nothing really you can do about it..
On 17.3.2010, at 0.04, Stephen Feyrer wrote:
The tests using SASL and SASL-IR in Thunderbird both fail to authenticate. I have tried using openssl s_client with the same result. I've run the auth command in three ways just to be sure I got the second example right. I even checked to make sure I've spelt my name right and the case of the letters.
EXTERNAL auth works only if this this also works:
a LOGIN username-from-cert ""
i.e. login with empty password.
passdb: driver: passwd-file args: /opt/etc/dovecot/passwd userdb: driver: passwd
/opt/etc/dovecot/passwd Stephen:{EXTERNAL}
So try {PLAIN} here.
Hi.
It didn't work. I tried first with {EXTERNAL} and then with {PLAIN} the
result below was the same in both cases.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. a LOGIN username-from-cert "" a NO [ALERT] Unsupported authentication mechanism. DONE
-- Thanks
Stephen Feyrer
On Tue, 16 Mar 2010 22:12:11 -0000, Timo Sirainen <tss@iki.fi> wrote:
On 17.3.2010, at 0.04, Stephen Feyrer wrote:
The tests using SASL and SASL-IR in Thunderbird both fail to
authenticate. I have tried using openssl s_client with the same
result. I've run the auth command in three ways just to be sure I got
the second example right. I even checked to make sure I've spelt my
name right and the case of the letters.EXTERNAL auth works only if this this also works:
a LOGIN username-from-cert ""
i.e. login with empty password.
passdb: driver: passwd-file args: /opt/etc/dovecot/passwd userdb: driver: passwd
/opt/etc/dovecot/passwd Stephen:{EXTERNAL}
So try {PLAIN} here.
And you also tested the external with the {PLAIN} too, right? Well, maybe it also wants nopassword=y extra field. See http://wiki.dovecot.org/AuthDatabase/PasswdFile how to add it. Maybe I should add {ANY} or something that makes "accept any password" easy..
On 17.3.2010, at 0.41, Stephen Feyrer wrote:
Hi.
It didn't work. I tried first with {EXTERNAL} and then with {PLAIN} the result below was the same in both cases.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=EXTERNAL] Dovecot ready. a LOGIN username-from-cert "" a NO [ALERT] Unsupported authentication mechanism. DONE
-- Thanks
Stephen Feyrer
On Tue, 16 Mar 2010 22:12:11 -0000, Timo Sirainen <tss@iki.fi> wrote:
On 17.3.2010, at 0.04, Stephen Feyrer wrote:
The tests using SASL and SASL-IR in Thunderbird both fail to authenticate. I have tried using openssl s_client with the same result. I've run the auth command in three ways just to be sure I got the second example right. I even checked to make sure I've spelt my name right and the case of the letters.
EXTERNAL auth works only if this this also works:
a LOGIN username-from-cert ""
i.e. login with empty password.
passdb: driver: passwd-file args: /opt/etc/dovecot/passwd userdb: driver: passwd
/opt/etc/dovecot/passwd Stephen:{EXTERNAL}
So try {PLAIN} here.
Hi.
I tried:
Stephen:{EXTERNAL}nopassword=y
and
Stephen:{PLAIN}nopassword=y
Both with the same result below.
-- Thanks,
Stephen Feyrer.
On Tue, 16 Mar 2010 22:47:45 -0000, Timo Sirainen <tss@iki.fi> wrote:
And you also tested the external with the {PLAIN} too, right? Well,
maybe it also wants nopassword=y extra field. See
http://wiki.dovecot.org/AuthDatabase/PasswdFile how to add it. Maybe I
should add {ANY} or something that makes "accept any password" easy..On 17.3.2010, at 0.41, Stephen Feyrer wrote:
Hi.
It didn't work. I tried first with {EXTERNAL} and then with {PLAIN}
the result below was the same in both cases.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. a LOGIN username-from-cert "" a NO [ALERT] Unsupported authentication mechanism. DONE-- Thanks
Stephen Feyrer
On 17.3.2010, at 1.09, Stephen Feyrer wrote:
Hi.
I tried:
Stephen:{EXTERNAL}nopassword=y
{EXTERNAL} is never going to work anywhere, because there's no such password scheme.
and
Stephen:{PLAIN}nopassword=y
This is the wrong format. It's more like:
Stephen:{PLAIN}::::::::nopassword=y
Just figure out the correct number of : characters (based on the wiki page I gave or just brute force).
Hi.
It works, I'm in! Authentication mechanism set to External and five
colons after {PLAIN} the command "a AUTHENTICATE EXTERNAL =" worked.
It was brute force that did the trick, after reading as much as I could
find about /etc/passwd file formats I was still none the wiser.
passwd file looks like this: Stephen:{PLAIN}:::::nopassword=y
Anyway the result is below:-
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=EXTERNAL] Dovecot ready. a AUTHENTICATE EXTERNAL = a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in a list "" * - LIST (\HasNoChildren) "/" "INBOX" a OK List completed. a select INBOX
- FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
- OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags
permitted. - 0 EXISTS
- 0 RECENT
- OK [UIDVALIDITY 1268850687] UIDs valid
- OK [UIDNEXT 1] Predicted next UID
- OK [HIGHESTMODSEQ 1] Highest a OK [READ-WRITE] Select completed. DONE
Perhaps in the great game of snakes and ladders, I have now finally
reached square one?
-- A big Thank YOU!
Stephen Feyrer.
On Tue, 16 Mar 2010 23:10:57 -0000, Timo Sirainen <tss@iki.fi> wrote:
On 17.3.2010, at 1.09, Stephen Feyrer wrote:
Hi.
I tried:
Stephen:{EXTERNAL}nopassword=y
{EXTERNAL} is never going to work anywhere, because there's no such
password scheme.and
Stephen:{PLAIN}nopassword=y
This is the wrong format. It's more like:
Stephen:{PLAIN}::::::::nopassword=y
Just figure out the correct number of : characters (based on the wiki
page I gave or just brute force).
Quoting Stephen Feyrer <steve@toth.org.uk>:
Hi.
I'm trying to test EXTERNAL AUTHENTICATION in Dovecot. To do this I
first configured Thunderbird and Opera to use my server, neither of
them were successful. As a result I contacted both organisations to
enquire if they supported EXTERNAL AUTHENTICATION in their products.
Thunderbird responded and said yes. However, on closer inspection
my contact at Thunderbird identified that support for EXTERNAL
AUTHENTICATION was poor at best and then only in SMTP. From that
point on, my contact has been trying to implement support in
Thunderbird.
[snip]
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
ENABLE AUTH=EXTERNAL] Dovecot ready. 01 AUTHENTICATE EXTERNAL
- 01 list "" * 01 NO [ALERT] Invalid base64 data in continued response
This is incorrect. You need this:
C: 01 AUTHENTICATE EXTERNAL S: + C: S: 01 OK
(you are missing the empty response back to the server)
Or, better yet (since SASL-IR is available):
C: 01 AUTHENTICATE EXTERNAL = S: 01 OK
michael
participants (3)
-
Michael M. Slusarz
-
Stephen Feyrer
-
Timo Sirainen