Hi Jack: Am 29.12.16 18:17 schrieb(en) Jack:
On 2016.12.29 12:06, Albrecht Dreß wrote:For the hmac stuff (imap_auth_cram), you need access to an imap server supporting the 'CRAM-MD5' authentication mechanism. Unfortunately, I don't have access to such a server (dovecot supports it, though), so (iirc) I extracted the old and new methods from the source to compare their output.Is there any easy way to tell (from the client side) if an imap server supports this?
Yes! E.g. if your provider supports IMAP with TLS over port 143, simply run openssl s_client -starttls imap -connect your.provider.com:143 Then, enter 0001 CAPABILITY which should dump something like * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN AUTH=PLAIN 0001 OK completed It should say "AUTH=CRAM-MD5" here... However, other methods than LOGIN or PLAIN are rarely used these days, as the latter are safe over encrypted connections anyway.
Also, do you actually need access to he server, or can you test from the client side based on server response?
The server sends a challenge string, which is needed to calculate the hmac response, so the easy way is to actually use balsa, not the openssl session.
I'm only asking as I'm willing to help test, assuming the answers to the above questions indicate it is even possible.
Thanks in advance! Cheers, Albrecht.
Attachment:
pgpUvMWvfR50J.pgp
Description: PGP signature