cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: AUTH LOGIN with SMTP

From: Tim Bannister <isoma_at_jellybaby.net>
Date: Thu, 15 Mar 2012 18:48:04 +0000

On 15 Mar 2012, at 13:16, Gokhan Sengun wrote:

> Hello Folks,
>
> Based on my analysis on a reported issue, it is looking that curl does not handle AUTH LOGIN as cleverly as it could.
>
>
> I searched a bit but could not find an RFC corresponding to "AUTH LOGIN" method although there are RFCs for AUTH PLAIN, AUTH CRAM-MD5 and AUTH DIGEST-MD5.

http://tools.ietf.org/html/draft-murchison-sasl-login-00 from which I quote: �The LOGIN SASL mechanism SHOULD NOT be used by a client when other plaintext mechanisms are offered by a server.�

Use SASL PLAIN instead, or indeed a more secure alternative such as SCRAM.

It isn't generally possible to write an automatic LOGIN handler, because the protocol described is for an arbitrary series of interactions.

-- 
Tim Bannister � isoma_at_jellybaby.net

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/pkcs7-signature attachment: smime.p7s

Received on 2012-03-15

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Reuse conditions of ssh connection?"
Previous message: Mason: "Using libcurl on top of lwip on POSIX embedded platform (take 2)"
In reply to: Gokhan Sengun: "AUTH LOGIN with SMTP"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]