On Tuesday 29 August 2006 00:45, Jürgen Herz wrote: > Ok, I reckoned with that argument. I'd say if their SASL support isn't > recognized, it's their own fault.
Sure. Graham's point is - a change in behaviour will break existing code that relies on Net::POP3 and that behaviour. My point is: There is no "own fault". Remember John Postels "law": "be conservative in what you do, be liberal in what you accept from others." > In contrast I've seen servers which > disconnect if confronted with mechanisms they don't know. That's no problem if that servers announce the mechisms they support. The "CRAM-MD5 fallback try" is only triggerered as a last try if the server does not announce SASL-support by CAPA or AUTH command. Do you know a POP3 server out there that matches this criterion? But as a programmer you always can use the capa() method to check if the server announces SASL to avoid the CRAM-MD5 fallback. [...] > > The actual version in repository is available at > > <http://svn.goingon.net/repos/libnet/trunk/Net/POP3.pm> > > (hopefully becoming 2.29, I hope Graham will bring it to CPAN). > > I've looked into that version. While the current code is good readable, > the changes in 2.28_2 are quite a mess for a Perl newbie like me. It was hard to write, it should be hard to read. What part in detail is the problem? > But could it be this new code already sorts out mechanisms not supported > by Authen::SASL before trying? The 2.28_2 implemention 1. uses CAPA/AUTH to detect the serverside mechnisms 2. checks if one of that mechnisms match the supported mechanisms of the clientside Authen::SASL object. One of the the mechanisms of intersection of serverside and clientside mechanisms is choosed and used for authentication. (Fail if intersection is empty). Achim
