[Twisted-Python] SMTP authentication
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 24 08:07:26 MDT 2012
On 24/07/12 14:31, Itamar Turner-Trauring wrote:
>
>
> On Tue, Jul 24, 2012 at 6:54 AM, Phil Mayers <p.mayers at imperial.ac.uk
> <mailto:p.mayers at imperial.ac.uk>> wrote:
>
> IIRC the Twisted SMTP stuff has support for handling auth errors and
> trying other methods; it should "just work".
>
>
> The code is a bit convoluted, so I can't be sure without more time than
> I want to spend on it, but I wouldn't expect it to try more than one
> auth method. If you send your username and password with CRAM-MD5 and
> got an error, why would you expect it to work with some other
> authentication method? It's still the same credentials.
Normally I'd agree. Unfortunately, SMTP like many other SASL-like
protocols presents the list of auth methods BEFORE the username is supplied.
The server may have different secret formats for different users; maybe
older accounts, whose passwords haven't changed in a while, only have a
unix-style crypt whereas newer ones have the MD5 secret as well.
I still think it's bad/buggy server behaviour to present an auth method
unless it can DEFINITELY service it for all clients. But if I understand
the issue correctly, that behaviour exists in the wild.
More information about the Twisted-Python
mailing list