I was digging through the Twisted IMAP code tonight and I noticed something
puzzling...

PLAINAuthenticator.challengeResponse() uses the following statement to send
auth credentials to the server

        return '%s\0%s\0' % (self.user, secret)

which would give auth credentials of the form:

        authid<NUL>password<NUL>

        (where <NUL> is the NUL character)

However, both RFC2595 and RFC4616 (both define the PLAIN SASL mechanism),
say that credentials should be passed this way:

        [authzid]<NUL>authnid<NUL>password

        (where <NUL> is the NUL character and [authzid] is optional)

Now even if one was to leave the authzid out of the equation, you would end
up with something like this:

        <NUL>authnid<NUL>password

and the version Twisted's IMAP code uses appears to be invalid.

Am I crazy?
Am I missing something?
Is it just way too late and I should put the RFCs down and back away slowly?

Kevin Horn
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
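To make the layout question concrete, here is an added example (my own code, not Twisted's and not from the post) that builds and parses a SASL PLAIN client message in the `[authzid]<NUL>authnid<NUL>password` layout the post quotes from RFC 4616, and then runs the `user<NUL>secret<NUL>` form from the post through the same parser to show how a server following the RFC would read it. The identities and secrets are constructed sample values; the function names are mine.

```python
"""SASL PLAIN message layout per RFC 4616 (added example, not Twisted code).

Layout: [authzid] NUL authcid NUL passwd
  authzid  - authorization identity, may be empty (the leading NUL stays)
  authcid  - authentication identity, must be non-empty
  passwd   - password, must be non-empty
No field may contain a NUL byte, since NUL is the separator.
(RFC 4616 also requires SASLprep of the strings; that step is omitted here.)
"""
from typing import Tuple

NUL = b"\x00"


def encode_plain(authnid: str, password: str, authzid: str = "") -> bytes:
    """Build the RFC 4616 client message.  Raises ValueError on bad input."""
    fields = []
    for name, value in (("authzid", authzid), ("authnid", authnid), ("password", password)):
        if "\x00" in value:
            raise ValueError(f"{name} must not contain NUL")
        fields.append(value.encode("utf-8"))
    if not fields[1]:
        raise ValueError("authnid must not be empty")
    if not fields[2]:
        raise ValueError("password must not be empty")
    # An empty authzid still produces the leading NUL: b"\x00authnid\x00password"
    return NUL.join(fields)


def decode_plain(message: bytes) -> Tuple[str, str, str]:
    """Parse a PLAIN message the way an RFC 4616 server would.

    Returns (authzid, authnid, password).  Exactly two NUL separators are
    required; a third field count means the message is malformed.
    """
    parts = message.split(NUL)
    if len(parts) != 3:
        raise ValueError(
            f"PLAIN message must have exactly 3 NUL-separated fields, got {len(parts)}"
        )
    authzid, authnid, password = (p.decode("utf-8") for p in parts)
    if not authnid:
        raise ValueError("authnid must not be empty")
    return authzid, authnid, password


def post_form(user: str, secret: str) -> bytes:
    """The '%s\\0%s\\0' layout quoted in the post, reproduced for comparison."""
    return f"{user}\x00{secret}\x00".encode("utf-8")


def compare_layouts(user: str, secret: str) -> dict:
    """Show how the two layouts are read by an RFC 4616 parser.

    Constructed sample values only; no network traffic is involved.
    """
    rfc_msg = encode_plain(user, secret)
    quoted_msg = post_form(user, secret)
    return {
        "rfc_bytes": rfc_msg,
        "rfc_parsed": decode_plain(rfc_msg),
        "post_bytes": quoted_msg,
        # Same byte count of NULs, but the fields land in different slots.
        "post_parsed": decode_plain(quoted_msg),
    }


if __name__ == "__main__":
    for key, value in compare_layouts("kevin", "s3cret").items():
        print(f"{key:12} {value!r}")
```

Running the comparison shows that the quoted `user\0secret\0` form also splits into three fields, so a strict parser does not reject it outright; instead the user name lands in the authzid slot, the secret in the authnid slot, and the password comes out empty, which is why an RFC 4616 server would not accept it as the intended credentials.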