the base64 of usernameNULLpasswordNULL

username\0username\0password\0

 It's a bug. The response to that line should be something like
NO "Authenticate requires an argument"

However as I read in the RFC:

<snip>
The optional initial-response argument to the AUTHENTICATE command
is used to save a round trip when using authentication mechanisms
that are defined to send no data in the initial challenge. When the
initial-response argument is used with such a mechanism, the initial
empty challenge is not sent to the client and the server uses the
data in the initial-response argument as if it were sent in response
to the empty challenge.
<snip>


Shouldn't that be interpreted to mean that if, other than #authenticate "PLAIN", no further argument is given, the server should send an empty challenge? The extra argument is only there to be able to save the extra round trip, as mentioned.


Marc
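
Added example, not part of the original message or of any server's code: a Python sketch of the branch the question proposes, where AUTHENTICATE "PLAIN" without an initial response yields an empty challenge and an initial response is decoded against the RFC 4616 layout `[authzid] NUL authcid NUL passwd`. The function names and the sample credentials are assumptions made for illustration.

```python
import base64
import binascii


def parse_plain(message: bytes):
    """Split an RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    parts = message.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = parts
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid.decode("utf-8"), authcid.decode("utf-8"), passwd.decode("utf-8")


def authenticate_plain(initial_response=None):
    """Hypothetical server-side step for AUTHENTICATE "PLAIN" [initial-response].

    Returns ("challenge", b"") when no initial response was sent, so the caller
    sends the empty challenge and waits for the client's reply. Otherwise
    returns ("credentials", (authzid, authcid, passwd)) or ("no", reason).
    """
    if initial_response is None:
        return ("challenge", b"")
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(initial_response, validate=True)
        return ("credentials", parse_plain(raw))
    except (binascii.Error, ValueError) as exc:
        return ("no", str(exc))


if __name__ == "__main__":
    # Constructed sample inputs; "alice" / "s3cret" are made-up credentials.
    samples = {
        "no argument": None,
        "NUL authcid NUL passwd": base64.b64encode(b"\0alice\0s3cret").decode(),
        "user NUL pass NUL": base64.b64encode(b"alice\0s3cret\0").decode(),
        "user NUL user NUL pass NUL": base64.b64encode(b"alice\0alice\0s3cret\0").decode(),
    }
    for label, arg in samples.items():
        print(f"{label:28} -> {authenticate_plain(arg)}")
```

A parser this strict rejects both trailing-NUL layouts shown at the top of the thread: the first leaves the password field empty, the second has three separators.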
