Re: [Evolution-hackers] IMAP preauthenticated

[David Shifflett <shifflett nps edu>]

I am pretty sure I am not using STARTTLS.
How would I verify?
Is it a client side configuration item, or server side?

Here are the IMAP packets I captured (linebreaks inserted for clarity):
> Response: * PREAUTH [CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE
>      MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES
>      THREAD=ORDEREDSUBJECT MULTIAPPEND] Pre-authenticated user mdemo1
>      mlsserver.cisrlabmlstestbed1.com IMAP4rev1 2003.346 at
>      Fri, 16 Mar 2007 08:42:52 -0800 (PST)
> Request: A00000 CAPABILITY
> Response: * CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE
>      MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES
>      THREAD=ORDEREDSUBJECT MULTIAPPEND SASL-IR LOGIN-REFERRALS AUTH=LOGIN
> Request: A00001 LOGIN mdemo1 <snipped>
> Response: A00001 BAD Command unrecognized: LOGIN

Here are the first few IMAP packets using Thunderbird as the client:
> Response: * PREAUTH [CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE
>      MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES
>      THREAD=ORDEREDSUBJECT MULTIAPPEND] Pre-authenticated user mdemo1
>      mlsserver.cisrlabmlstestbed1.com IMAP4rev1 2003.346 at
>      Fri, 16 Mar 2007 08:45:19 -0800 (PST)
> Request: 1 capability
> Response: * CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE
>      MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES
>      THREAD=ORDEREDSUBJECT MULTIAPPEND SASL-IR LOGIN-REFERRALS AUTH=LOGIN
> Request: 2 namespace
> Response: * NAMESPACE (("" "/")("#mhinbox" NIL)("#mh/" "/")) (("~" "/"))
>      (("#shared/" "/")("#ftp/" "/")("#news." ".")("#public/" "/"))

Thanks for any help you can give me.
Dave

Philip Van Hoof wrote:

> Does the PREAUTH happen before or after the STARTTLS, or aren't you
> using STARTTLS?
>
> ps. You can break on this line to check what is in "buf". It's in
> camel-imap-store.c around line 700 (mine is heavily patched, so the line
> might differ).
>
> static gboolean
> connect_to_server (CamelService *service, struct addrinfo *ai, int
> ssl_mode, CamelException *ex)
> {
> ...
> 	if (!strncmp(buf, "* PREAUTH", 9))
> 		store->preauthed = TRUE;
> ...
> }
>
>
> On Tue, 2007-03-13 at 14:12 -0700, David Shifflett wrote:
>
> > How do I configure Evolution such that it doesn't
> > try and send a username/password (via the LOGIN command)?
> >
> > My IMAP server is configured to have the users
> > preauthenticated.
> > The IMAP server sends PREAUTH as part of the initial
> > message, but Evolution ignores this
> > and tries the LOGIN command anyway,
> > which of course causes IMAP to generate an error
> > (it isn't expecting a LOGIN command).
> >
> > The IMAP server is part of a research project
> > and the user has already been authenticated,
> > so no login is required (or allowed).
> > This IMAP server works fine with Mozilla, Thunderbird,
> > and even Outlook Express.
> >
> > Thanks for any help,
> > David Shifflett
> >
> >
> >
> > _______________________________________________
> > Evolution-hackers mailing list
> > Evolution-hackers gnome org
> > http://mail.gnome.org/mailman/listinfo/evolution-hackers