On 02/14/2018 09:04 PM, Ray Satiro wrote:

Obviously the server does not require the password because the client
certificate authentication takes precedence; the AUTH command is
however needed before being able to use other commands. This looks
like a deviance from the description
(https://tools.ietf.org/html/draft-murchison-sasl-login-00), that has
been written "a posteriori" (probably by reverse engineering) and has
not become a standard. This document does not describe the case when
the password is not needed.

Interesting. If it's EXTERNAL then aren't you already logged in?

No, you're not. Servers that allow EXTERNAL should receive an explicit AUTH EXTERNAL command to be logged in. This server does not support EXTERNAL, but behaves as such with other authentication methods (this is quite clever since many clients do not support EXTERNAL).

Where is LOGIN prioritized over PLAIN and is there any effect of that on this issue?

Priority is determined by the order of "else if" blocks starting at https://github.com/curl/curl/blob/43a50a2580db2bfb28483a96964ae27b584472da/lib/curl_sasl.c#L292. The only effect would be PLAIN will be chosen by curl instead of LOGIN if both are supported by the server. This does not impact the "no LOGIN password" problem, but will avoid using LOGIN if PLAIN is available.
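
The selection-by-order behaviour described in the reply above, as an added illustration that is not part of the original message and is not curl's code. The mechanism bits, the preference table and the function names are hypothetical, and the capability lines used with it are constructed.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical mechanism bits for this illustration (not curl's own). */
#define MECH_LOGIN (1u << 0)
#define MECH_PLAIN (1u << 1)
struct mech { const char *name; unsigned bit; };

/* Table order is the preference order: the first match wins, like the
   first true branch of an if / else-if chain. PLAIN sits before LOGIN. */
static const struct mech prefs[] = {
  { "PLAIN", MECH_PLAIN },
  { "LOGIN", MECH_LOGIN },
};
#define NPREFS (sizeof(prefs) / sizeof(prefs[0]))

/* Case-insensitive compare of a whole token against an upper-case name. */
static int token_is(const char *tok, size_t len, const char *name)
{
  if(strlen(name) != len)
    return 0;
  for(size_t i = 0; i < len; i++)
    if(toupper((unsigned char)tok[i]) != name[i])
      return 0;
  return 1;
}

/* Turn a capability line such as "AUTH LOGIN PLAIN" (reply code already
   stripped) into a bit mask; "PLAIN-CLIENTTOKEN" does not count as PLAIN. */
unsigned parse_auth_caps(const char *line)
{
  unsigned mask = 0;
  if(!token_is(line, 4, "AUTH") || (line[4] != ' ' && line[4] != '='))
    return 0;
  for(const char *p = line + 5; *p; p += strspn(p, " \r\n")) {
    size_t len = strcspn(p, " \r\n");
    for(size_t i = 0; len && i < NPREFS; i++)
      if(token_is(p, len, prefs[i].name))
        mask |= prefs[i].bit;
    p += len;
  }
  return mask;
}

/* First preferred mechanism that the server offers and the client enables. */
const char *choose_mech(unsigned server, unsigned enabled)
{
  for(size_t i = 0; i < NPREFS; i++)
    if(server & enabled & prefs[i].bit)
      return prefs[i].name;
  return NULL;
}
```

With PLAIN ahead of LOGIN in the table, LOGIN is only picked when the server does not offer PLAIN or the client has PLAIN disabled.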