ManageSieve: authenticate "EXTERNAL" not behaving correctly
Stephan Bosch
stephan at rename-it.nl
Sat Oct 28 18:18:51 EEST 2017
Op 10/26/2017 om 1:32 PM schreef Marc Weustink:
> Hi,
>
> I've enabled client certificate authentication for imap and
> managesieve. When I use Thunderbird with the sieve plugin it tries to
> login, but times out.
>
> Initially I reported this to the sieve plugin, but we came to the
> conclusion that it managesieve is misbehaving.
>
> https://github.com/thsmi/sieve/issues/94
>
> Thunderbird (win10-64) 52.4.0 (32bit)
> Sieve 0.2.3k
> Dovecot (Ubuntu 16.04.3 LTS) 2.2.33.1-1 (sid)
>
>
> What happens is the following (p=plugin sends m=managesieve sends)
>
> p:authenticate "EXTERNAL" ""
> m:""
>
> The response is unexpected. According to RFC 5804 an empty
> challenge/response is sent as an empty string. So I would expect:
>
> p:authenticate "EXTERNAL" ""
> m:OK "Logged in."
>
>
>
> With the use of gnutls-cli I could reproduce (c=I send m=managesieve
> sends)
> gnutls-cli --starttls --x509keyfile marc_mail.key --x509certfile
> marc_mail.crt -p sieve 172.17.1.4
>
> ...
> m:OK "TLS negotiation successful."
> c:authenticate "EXTERNAL" ""
> m:""
> c:""
> m:OK "Logged in."
>
>
> However if I try the "imap" syntax (rfc4959) I get logged in at once
>
> ...
> m:OK "TLS negotiation successful."
> c:authenticate "EXTERNAL" "="
> m:OK "Logged in."
>
> Note that this is an imap only extention, "=" is an invalid base64
> encoding.
Will get back on this later.
Regards,
Stephan.
More information about the dovecot
mailing list