Re: imap troubles

[Pawel Salek <pawsa theochem kth se>]

On 02/20/2004 01:56:13 AM, Kacper Wysocki wrote:
> [snip]
> Ha I must have forgotten myself. Here's 't is:
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE
> AUTH=PLAIN AUTH=KERBEROS_V4 AUTH=GSSAPI AUTH=ANONYMOUS SASL-IR
> . OK Completed
> 
> I don't see it advertising CRAM as an auth method, but then again I
> wouldn't know about these things.

Are we talking about the same server? I get:

openssl s_client -connect mail.cs.mcgill.ca:993
(ssl stuff omitted)
* OK mail.cs.mcgill.ca Cyrus IMAP4 v2.1.12 server ready
. capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS  
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT  
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=LOGIN  
AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
. OK Completed

CRAM-MD5 is clearly on the list. OTOH, this server is strange because it  
advertises STARTTLS for a connection that is already encrypted with SSL.  
Somebody has been messing around there - ordinary cyrus servers do not do  
that.

> Yeah, see earlier posts, gss is not compiled in as I couldn't get
> configure to find the libs.

If the capability line would be as above, balsa would try login method.

The best what balsa could try doing would be to provide some kind of  
"advanced" part of imap server configuration dialog with a checkbox  
saying "work around broken servers that claim to support challenge- 
response authentication but do not" or something to that effect. RFC  
requires that the strongest supported authentication method is tried  
first but of course we cannot stop users from shooting themselves in the  
foot if they want to :).

Pawel