RE: POP3 Authentication
Date: Sat, 2 Jun 2012 12:38:12 +0100
On Sun, 28 May 2012, Daniel Stenberg wrote:
> > As this introduces a new command I have updated the test cases as I see
> > appropriate - however, being a Windows Developer and not having a Linux
> > style console to hand I have been unable to verify these. I would
> > if someone could run them please and provide appropriate feedback -
> > you.
> I've run them and they seem to run fine!
Thank you - I think I missed Test 800, so I'm not sure how that continued
working or if the additional AUTH replies were even necessary :-/
> > * To change pop3_endofresp() depending on the feedback I receive ;-)
> > * Introduce PLAIN and NTLM authentication mechanisms
> > * Add new test cases for these
> Sounds awesome. I'll take off on a little work trip to China this week so
> might not respond to anything in a while, but don't let that stop you! :-)
I hope you had a good trip.
I have added support for the AUTH command and for PLAIN, LOGIN and NTLM
mechanisms - I think would also be worthwhile adding support for DIGEST-MD
and CRAM-MD5 as we have in SMTP - so I guess you could say I'm just over
half way through ;-)
As such I am thinking about the test cases more and have attached my first
attempt at Test 816 (for PLAIN authentication) if someone would be so kind
to take a look.
I see Yang has now pushed some changes to the server code to support the
AUTH command, which is great, but I am a little lost as to what I need to do
to support some AUTH mechanisms in the test cases for POP3.
The first question is... Do I still need to have a replycmd for the AUTH
query in the xml? For example:
REPLY AUTH +OK\r\nPLAIN\r\n.
If so, how do I add a reply for the "AUTH PLAIN" that the client will send
when choosing plain as the mechanism? The server needs to respond with the +
command for continue. Would I need the following as a replycmd::
REPLY AUTH PLAIN +
With this would the server interpret that as a "PLAIN +" reply to AUTH or a
"+" reply to "AUTH PLAIN" ?
Or is this simply not needed and I need to tell the server what
authentication mechanisms are supported with another config option?
In this example, I would expect the full communication between the client
and server to be:
S: +OK cURL POP3 server ready to serve
C: AUTH PLAIN
S: +OK User authenticated
S: +OK No messages
S: +OK byebye
Cheers in advance
- application/octet-stream attachment: test816