On Wed, 29 Jul 2009 00:54:20 -0500, Kevin Horn <kevin.h...@gmail.com> wrote:
>I was digging through the Twisted IMAP code tonight and I noticed something
>puzzling...
>
>PLAINAuthenticator.challengeResponse() uses the following statement to send
>auth credentials to the server
>
>    return '%s\0%s\0' % (self.user, secret)
>
>which would give auth credentials of the form:
>
>    authid<NUL>password<NUL>
>
>    (where <NUL> is the NUL character)
>
>However, both RFC2595 and RFC4616 (both define the PLAIN SASL mechanism),
>say that credentials should be passed this way:
>
>    [authzid]<NUL>authnid<NUL>password
>
>    (where <NUL> is the NUL character and [authzid] is optional)
>
>Now even if one was to leave the authzid out of the equation, you would end
>up with something like this:
>
>    <NUL>authnid<NUL>password
>
>and the version Twisted's IMAP code uses appears to be invalid.
>
>Am I crazy?
>Am I missing something?
>Is it just way too late and I should put the RFCs down and back away slowly?

My early morning reading of the RFC agrees with yours.  Someone else brought
this up a long time ago, I think, but never pointed out the RFC.  Can you file
a ticket?

Jean-Paul
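
Added example (not part of the original thread and not Twisted's own code): the RFC 4616 message layout next to the form quoted above, with a strict parse of each. The function names and the sample credentials are constructed for illustration. Read positionally, the quoted form places the secret in the authentication-identity slot and leaves the password empty, so a strict parser rejects it.

```python
# Added example; function names and sample credentials are constructed.
NUL = b"\x00"


class PlainError(ValueError):
    """Message does not match the RFC 4616 grammar."""


def encode_plain(authcid, passwd, authzid=""):
    """RFC 4616: message = [authzid] NUL authcid NUL passwd"""
    fields = [s.encode("utf-8") for s in (authzid, authcid, passwd)]
    if any(NUL in f for f in fields):
        raise PlainError("NUL is not allowed inside a field")
    if not fields[1] or not fields[2]:
        raise PlainError("authcid and passwd must be non-empty")
    return NUL.join(fields)


def legacy_form(user, secret):
    """The form quoted in the message: user NUL secret NUL."""
    return ("%s\0%s\0" % (user, secret)).encode("utf-8")


def split_fields(message):
    """Positional split only, with no check on the field contents."""
    fields = message.split(NUL)
    if len(fields) != 3:
        raise PlainError("expected 2 NUL separators, got %d" % (len(fields) - 1))
    return tuple(f.decode("utf-8") for f in fields)


def decode_plain(message):
    """Strict parse: returns (authzid, authcid, passwd) or raises."""
    authzid, authcid, passwd = split_fields(message)
    if not authcid or not passwd:
        raise PlainError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


if __name__ == "__main__":
    good = encode_plain("alice", "s3cret")
    old = legacy_form("alice", "s3cret")
    print(repr(good), decode_plain(good))
    # Positional view of the old form: secret lands in the authcid slot.
    print(repr(old), split_fields(old))
    try:
        decode_plain(old)
    except PlainError as exc:
        print("rejected:", exc)
```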