Hello,
looks like SASL capability reported by dovecot in response to POP3 CAPA
command doesn't conforms with rfc2449 which says:
Examples:
C: CAPA
S: +OK Capability list follows
S: TOP
S: USER
S: SASL CRAM-MD5 KERBEROS_V4
S: RESP-CODES
S: LOGIN-DELAY 900
S: PIPELINING
S: EXPIRE 60
S: UIDL
S: IMPLEMENTATION Shlemazle-Plotz-v302
S: .
And later:
The POP3 AUTH command [POP-AUTH] permits the use of [SASL]
authentication mechanisms with POP3. The SASL capability
indicates that the AUTH command is available and that it supports
an optional base64 encoded second argument for an initial client
response as described in the SASL specification. The argument to
the SASL capability is a space separated list of SASL mechanisms
which are supported. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Dovecot sends SASL capability as list of AUTH=FOO pairs. Looks like
copy-paste from IMAP code. Patch attached.
Best regards.
--
Andrey Panin | Linux and UNIX system administrator
pazke at donpac.ru | PGP key: wwwkeys.pgp.net
-------------- next part --------------
diff -urpNX /usr/share/dontdiff
dovecot-1.0-test29.vanilla/src/pop3-login/client-authenticate.c
dovecot-1.0-test29/src/pop3-login/client-authenticate.c
--- dovecot-1.0-test29.vanilla/src/pop3-login/client-authenticate.c 2004-07-14
14:48:01.000000000 +0400
+++ dovecot-1.0-test29/src/pop3-login/client-authenticate.c 2004-07-22
13:46:07.000000000 +0400
@@ -37,7 +37,6 @@ int cmd_capa(struct pop3_client *client,
if (mech[i].advertise &&
(client->secured || !mech[i].plaintext)) {
str_append_c(str, ' ');
- str_append(str, "AUTH=");
str_append(str, mech[i].name);
}
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20040722/7c70bc3d/attachment-0001.bin>
