cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: AUTH LOGIN with SMTP

From: Tim Bannister <isoma_at_jellybaby.net>
Date: Thu, 15 Mar 2012 18:48:04 +0000

On 15 Mar 2012, at 13:16, Gokhan Sengun wrote:

> Hello Folks,
>
> Based on my analysis on a reported issue, it is looking that curl does not handle AUTH LOGIN as cleverly as it could.
>
>
> I searched a bit but could not find an RFC corresponding to "AUTH LOGIN" method although there are RFCs for AUTH PLAIN, AUTH CRAM-MD5 and AUTH DIGEST-MD5.

http://tools.ietf.org/html/draft-murchison-sasl-login-00 from which I quote: “The LOGIN SASL mechanism SHOULD NOT be used by a client when other plaintext mechanisms are offered by a server.”

Use SASL PLAIN instead, or indeed a more secure alternative such as SCRAM.

It isn't generally possible to write an automatic LOGIN handler, because the protocol described is for an arbitrary series of interactions.

-- 
Tim Bannister – isoma_at_jellybaby.net

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • application/pkcs7-signature attachment: smime.p7s
Received on 2012-03-15