I was digging through the Twisted IMAP code tonight and I noticed something puzzling...
PLAINAuthenticator.challengeResponse() uses the following statement to send auth credentials to the server return '%s\0%s\0' % (self.user, secret) which would give auth credentials of the form: authid<NUL>password<NUL> (where <NUL> is the NUL character) However, both RFC2595 and RFC4616 (both define the PLAIN SASL mechanism), say that credentials should be passed this way: [authzid]<NUL>authnid<NUL>password (where <NUL> is the NUL character and [authzid] is optional) Now even if one was to leave the authzid out of the equation, you would end up with something like this: <NUL>authnid<NUL>password and the version Twisted's IMAP code uses appears to be invalid. Am I crazy? Am I missing something? Is it just way too late and I should put the RFCs down and back away slowly? Kevin Horn
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python