On 15 Mar 2012, at 13:16, Gokhan Sengun wrote: > Hello Folks, > > Based on my analysis on a reported issue, it is looking that curl does not > handle AUTH LOGIN as cleverly as it could. > > > I searched a bit but could not find an RFC corresponding to "AUTH LOGIN" > method although there are RFCs for AUTH PLAIN, AUTH CRAM-MD5 and AUTH > DIGEST-MD5.
http://tools.ietf.org/html/draft-murchison-sasl-login-00 from which I quote: “The LOGIN SASL mechanism SHOULD NOT be used by a client when other plaintext mechanisms are offered by a server.” Use SASL PLAIN instead, or indeed a more secure alternative such as SCRAM. It isn't generally possible to write an automatic LOGIN handler, because the protocol described is for an arbitrary series of interactions. -- Tim Bannister – [email protected]
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
