Hi all,

I took the opportunity last night to add support to POP3 for more secure
authentication mechanisms in a local branch. This was a relatively easy
process, borrowing a few bits of code from SMTP.

Rather than define a new bunch of authentication mechanisms equivalent to
the SMTP_AUTH_* I moved these into a new header file (curl_sasl.h) and
renamed the #defines accordingly (as we discussed sometime last year). As
this introduces a new header file, will any of the makefiles / other build
files require the inclusion of this header? I will fix up the VC6 project
file accordingly but I was wondering what else may require knowledge of this
file.

The code is still very much work in progress but I would hope to start
committing bits after the release next week.

So far I have added support for NTLM and PLAIN as Exchange only supports
GSSAPI, NTLM and PLAIN in the 2010 version. Does anyone have access to a
POP3 server that supports LOGIN, CRAM-MD5 or DIGEST-MD5 that we could use to
test the other mechanisms from SMTP with? Once we have that working I can
then look at extracting responses and creating some test harnesses.

I have also coded it so that if the server doesn't support the AUTH command
and it fails it will fallback to clear text USER / PASS combination which is
how authentication is currently implemented in curl.

I would also like to add APOP support as well, which like clear text, works
outside of the SASL mechanism with the AUTH command. From what I have read,
APOP is supported when the server includes a timestamp at the end of the
server greeting. Again does anyone have or use a server that supports this?

Any additional thoughts would be welcome.

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-05-18