MBOX-Line: From gds at chartertn.net  Thu Oct 26 22:23:23 2017
To: imap-protocol@u.washington.edu
From: Gene Smith <gds@chartertn.net>
Date: Fri Jun  8 12:34:55 2018
Subject: [Imap-protocol] authenticate LOGIN question
In-Reply-To: <CAByav=gBnVkLg+4z90ewBvKRVtOrEQ7XESfirEQ1dyx=Sb0MXw@mail.gmail.com>
References: <38137c2b-f1f1-2bed-e22f-2aea7fa50ac3@chartertn.net>
	<CAByav=gBnVkLg+4z90ewBvKRVtOrEQ7XESfirEQ1dyx=Sb0MXw@mail.gmail.com>
Message-ID: <8204fbd1-3679-c8cc-7f92-d4307867ece0@chartertn.net>

While working on thunderbird bug 1408610 (*) I attempted to do an 
"authenticate LOGIN" to the imap.mail.yahoo.com server with unsuccessful 
results (tb = thunderbird, yh = yahoo):

tb:  2 authenticate LOGIN
yh:  +                     <-- no Username: "challenge" sent here.
tb:   <base64 encoded uid>
yh:  + <base64 encoded string saying auth string is bad>
tb:  <base64 encoded password>
yh:  2 BAD [AUTHENTICATIONFAILED] LOGIN Invalid credentials

I get this result when sent by tb or when sent manually using openssl. I 
have tried several variants to see if it would work such as sending 
separate base64 encoded and spaced separated uid and pwd right after the 
first yh + response. Also tried base64 encoded "\0<uid>\0<pwd>", that 
works for PLAIN, after yh + response and others variations to no avail.

Authenticate PLAIN and simple imap login with normal ascii uid and pwd 
text work OK. Noticed that few imap servers even support "authenticate 
LOGIN". One that I did find that supports it, after providing the uid 
and pwd, reports RENEGOTIATING and then openssl crashes.

Only official documentation I could find on "authenticate login" is
https://tools.ietf.org/html/draft-murchison-sasl-login-00 but it only 
provides an example for smtp.

-gene
P/S: The yahoo server reports a capability AUTH=LOGIN
(*) https://bugzilla.mozilla.org/show_bug.cgi?id=1408610