On Sun, 29 Nov 2009, Rick wrote:
Charlie Brady wrote:
[...]or should use a SASL challenge string in the context of AUTH PLAIN.
RFC4954 was more clear:
The AUTH command initiates a [SASL] authentication exchange between the
client and the server.
[...]
A server challenge is sent as a 334 reply with the text part containing the
[BASE64] encoded string supplied by the SASL mechanism. This challenge MUST
NOT contain any text other than the BASE64 encoded challenge.
Yep, I agree that that is clearer.
I promise I'm not making this up.
I've never implied that you were.
What I've been doing is looking for RFC specifications of what a client
should do when:
1. It receives a 334 reply with a text part when it is expecting a 334
reply with no text part.
2. When it receives a 334 reply with a text part which is not a BASE64
encoded string.
It's quite possible that there are both client and server protocol
violations here.
---
Charlie
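
Added example, not part of the original message or of any mail client discussed in the thread: a Python sketch that sorts a 334 reply into the two cases listed above (unexpected text part, text that is not BASE64) and picks the client's next line for AUTH PLAIN. The function names are hypothetical, and cancelling in both cases is this example's assumed policy; the "*" line is the one RFC 4954 defines for a client cancelling an AUTH exchange.

```python
import base64
import re

# Canonical BASE64 only: whole 4-character groups, '=' padding only at the end.
_B64 = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
CANCEL = "*"  # RFC 4954 client cancel line


def parse_334(line):
    """Classify one reply line as 'other', 'empty', 'challenge' or 'invalid'.

    Returns (kind, decoded_bytes_or_None)."""
    line = line.rstrip("\r\n")
    if not re.fullmatch(r"334(?: .*)?", line):
        return "other", None          # not a single-line 334 continuation
    text = line[4:]
    if text == "":
        return "empty", b""           # zero-length challenge
    if not _B64.fullmatch(text):
        return "invalid", None        # text part is not a BASE64 string
    return "challenge", base64.b64decode(text)


def plain_next_line(reply, authzid, authcid, password):
    """Next line to send after a bare 'AUTH PLAIN' (assumed policy).

    None: the exchange is already over, nothing to continue.
    CANCEL: the 334 carried text PLAIN does not expect, or non-BASE64 text."""
    kind, _ = parse_334(reply)
    if kind == "other":
        return None
    if kind != "empty":
        return CANCEL
    msg = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    # Constructed sample replies, not captured from a real server.
    samples = ["334 \r\n", "334 VXNlcm5hbWU6\r\n", "334 Username:\r\n",
               "334 AAA=BBBB\r\n", "535 5.7.8 Authentication failed\r\n"]
    for reply in samples:
        print(repr(reply), parse_334(reply)[0],
              plain_next_line(reply, "", "user", "pass"))
```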