On 02/14/2018 09:04 PM, Ray Satiro wrote:

Obviously the server does not require the password because the client
certificate authentication takes precedence; the AUTH command is
however needed before being able to use other commands. This looks
like a deviance from the description
(https://tools.ietf.org/html/draft-murchison-sasl-login-00), that has
been written "a posteriori" (probably by reverse engineering) and has
not become a standard. This document does not describe the case when
the password is not needed.
Interesting. If it's EXTERNAL then aren't you already logged in?
No, you're not. Servers that allow EXTERNAL should receive an explicit AUTH EXTERNAL command to be logged in. This server does not support EXTERNAL, but behaves as such with other authentication methods (this is quite clever since many clients do not support EXTERNAL).
Where is LOGIN prioritized over PLAIN and is there any effect of that on this issue?

Priority is determined by the order of "else if" blocks starting at https://github.com/curl/curl/blob/43a50a2580db2bfb28483a96964ae27b584472da/lib/curl_sasl.c#L292. The only effect would be PLAIN will be chosen by curl instead of LOGIN if both are supported by the server. This does not impact the "no LOGIN password" problem, but will avoid using LOGIN if PLAIN is available.
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Reply via email to