Complete.Org: Mailing Lists: Archives: offlineimap: November 2002:
Re: rev 281 - in offlineimap/head: . debian offlineimap bin
Home

Re: rev 281 - in offlineimap/head: . debian offlineimap bin

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: John Goerzen <jgoerzen@xxxxxxxxxxxx>
Cc: offlineimap@xxxxxxxxxxxx
Subject: Re: rev 281 - in offlineimap/head: . debian offlineimap bin
From: Martijn Pieters <mj@xxxxxxxx>
Date: Tue, 5 Nov 2002 14:02:06 -0500

On Tue, Nov 05, 2002 at 12:10:34PM -0600, John Goerzen wrote:
> OK, so you can confirm that it actually works for you now?
>=20
> There's a Debian user that is still having troubles making it authenticat=
e,
> so it's good to know that it at least works for someone.

It doesn't work, because you are padding the wrong item. The RFC says you
have to pad the shared secret; the password, not the challenge. Take a look
at the fetchmail sourcecode for example, in cram.c.

More exmaples:

  http://sourceforge.net/tracker/?func=3Ddetail&atid=3D305470&aid=3D460112&=
group_id=3D5470
    Patch for CRAM-MD5 support for SMTP, all in Python.

  http://search.cpan.org/src/KJOHNSON/NetxAP-0.02/Net/IMAP.pm
    (search for 'sub authenticate_cram')

  http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/spruce/spruce-devel/src/cr=
am-md5.c?rev=3DHEAD&content-type=3Dtext/vnd.viewcvs-markup

 =20
=46rom the Python patch I infer that the HMAC library would be taking care =
of
the padding.

--=20
Martijn Pieters
| Software Engineer  mailto:mj@xxxxxxxx
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/
---------------------------------------------


[Prev in Thread] Current Thread [Next in Thread]