[Twisted-Python] PLAINAuthenticator in twisted.mail.imap4
kevin.horn at gmail.com
Wed Jul 29 11:51:01 EDT 2009
On Wed, Jul 29, 2009 at 6:29 AM, Jean-Paul Calderone <exarkun at divmod.com>wrote:
> On Wed, 29 Jul 2009 00:54:20 -0500, Kevin Horn <kevin.horn at gmail.com>
> >I was digging through the Twisted IMAP code tonight and I noticed
> >PLAINAuthenticator.challengeResponse() uses the following statement to
> >auth credentials to the server
> > return '%s\0%s\0' % (self.user, secret)
> >which would give auth credentials of the form:
> > authid<NUL>password<NUL>
> > (where <NUL> is the NUL character)
> >However, both RFC2595 and RFC4616 (both define the PLAIN SASL mechanism),
> >say that credentials should be passed this way:
> > [authzid]<NUL>authnid<NUL>password
> > (where <NUL> is the NUL character and [authzid] is optional)
> >Now even if one was to leave the authzid out of the equation, you would
> >up with something like this:
> > <NUL>authnid<NUL>password
> >and the version Twisted's IMAP code uses appears to be invalid.
> >Am I crazy?
> >Am I missing something?
> >Is it just way too late and I should put the RFCs down and back away
> My early morning reading of the RFC agrees with yours. Someone else
> this up a long time ago, I think, but never pointed out the RFC.
> Can you file a ticket?
At least I'm not crazy... :)
Ticket #3939 filed: http://twistedmatrix.com/trac/ticket/3939
also added a note in the ticket that PLAINCredentials may need to be
modified to match
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Twisted-Python