Re: [lemonade] SASL DIGEST MD5 issue
Jayantheesh S B <j.sb@sta.samsung.com> Wed, 16 April 2014 18:06 UTC
Return-Path: <j.sb@sta.samsung.com>
X-Original-To: lemonade@ietfa.amsl.com
Delivered-To: lemonade@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B41191A02AF for <lemonade@ietfa.amsl.com>; Wed, 16 Apr 2014 11:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.328
X-Spam-Level: **
X-Spam-Status: No, score=2.328 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, J_CHICKENPOX_35=0.6, J_CHICKENPOX_37=0.6, J_CHICKENPOX_39=0.6, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVOkKrbVJufS for <lemonade@ietfa.amsl.com>; Wed, 16 Apr 2014 11:06:05 -0700 (PDT)
Received: from cuda4.sta.samsung.com (mailedge.sta.samsung.com [63.166.115.23]) by ietfa.amsl.com (Postfix) with ESMTP id 33F761A02AC for <lemonade@ietf.org>; Wed, 16 Apr 2014 11:06:05 -0700 (PDT)
X-ASG-Debug-ID: 1397671560-056fcf0c5c4eb870001-DCE58c
Received: from exHub4.telecom.sna.samsung.com ([105.52.12.225]) by cuda4.sta.samsung.com with ESMTP id 7idMex3BFHrPuZzK; Wed, 16 Apr 2014 13:06:00 -0500 (CDT)
X-Barracuda-Envelope-From: j.sb@sta.samsung.com
X-Barracuda-RBL-Trusted-Forwarder: 105.52.12.225
X-ASG-Whitelist: Client
Received: from EXMB5.telecom.sna.samsung.com ([fe80::5f4:56d9:ea68:f480]) by exHub4.telecom.sna.samsung.com ([2002:6934:ce1::6934:ce1]) with mapi id 14.03.0146.000; Wed, 16 Apr 2014 13:06:00 -0500
From: Jayantheesh S B <j.sb@sta.samsung.com>
X-Barracuda-BWL-IP: fe80::5f4:56d9:ea68:f480
To: 'Timo Sirainen' <tss@iki.fi>
Thread-Topic: [lemonade] SASL DIGEST MD5 issue
X-ASG-Orig-Subj: RE: [lemonade] SASL DIGEST MD5 issue
Thread-Index: AQHPWZhQF3x/QdCMj0aQM9KPtsStsZsUgqSA
Date: Wed, 16 Apr 2014 18:06:00 +0000
Message-ID: <02454F842DD7B449B96715A2AD90C0361A13ED5F@exMB5.telecom.sna.samsung.com>
References: <02454F842DD7B449B96715A2AD90C0361A13CE58@exMB5.telecom.sna.samsung.com> <EDE313CE-5D8E-469F-9BEB-D25134AF0768@iki.fi>
In-Reply-To: <EDE313CE-5D8E-469F-9BEB-D25134AF0768@iki.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [105.52.12.197]
Content-Type: multipart/alternative; boundary="_000_02454F842DD7B449B96715A2AD90C0361A13ED5FexMB5telecomsna_"
MIME-Version: 1.0
X-Barracuda-Connect: UNKNOWN[105.52.12.225]
X-Barracuda-Start-Time: 1397671560
X-Barracuda-URL: http://65.169.250.23:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at sta.samsung.com
X-Barracuda-BRTS-Status: 1
Archived-At: http://mailarchive.ietf.org/arch/msg/lemonade/A9r8f6l-iaH9TPIM7fr1L72Mr9s
Cc: "'lemonade@ietf.org'" <lemonade@ietf.org>
Subject: Re: [lemonade] SASL DIGEST MD5 issue
X-BeenThere: lemonade@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Enhancements to Internet email to support diverse service enivronments <lemonade.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lemonade>, <mailto:lemonade-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lemonade/>
List-Post: <mailto:lemonade@ietf.org>
List-Help: <mailto:lemonade-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lemonade>, <mailto:lemonade-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 18:06:10 -0000
Hi Timo, Thanks for your response. We are not sure about the Devcot POP Server version, One of customer has reported this issue from the market. Customer is having account with email.dk (mail.telenar.uk) which uses Devcot POP server. So, we do not have the control over POP server. Please find the response sent by the client and its decoded version. Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iSmVucy5qZW5zZW5AZW1haWwuZGsiLHJlYWxtPSJtYWlsLnRlbGVub3IuZGsiLG5vbmNlPSJ3dTYwQ3VianpwTmxMOFJPcVJYbVJ3PT0iLG5jPTAwMDAwMDAxLGNub25jZT0iMzQzNTU3NTU2NzI2ODYzNzAzMyIsZGlnZXN0LXVyaT0icG9wL21haWwudGVsZW5vci5kayIscmVzcG9uc2U9NzU0NDMwN2VmMDQyNzE3MTNhZDUzN2FlMWQxZDRjMGMscW9wPWF1dGg= charset=utf-8,username="Jens.jensen@email.dk",realm="mail.telenor.dk",nonce="wu60CubjzpNlL8ROqRXmRw==",nc=00000001,cnonce="3435575567268637033",digest-uri="pop/mail.telenor.dk",response=7544307ef04271713ad537ae1d1d4c0c,qop=auth Regards, Jay From: Timo Sirainen [mailto:tss@iki.fi] Sent: Wednesday, April 16, 2014 1:22 PM To: Jayantheesh S B Cc: lemonade@ietf.org Subject: Re: [lemonade] SASL DIGEST MD5 issue What Dovecot version is this? Is the password stored as DIGEST-MD5 hash or as plaintext? If as DIGEST-MD5, maybe it was generated wrong. If as plaintext, maybe Dovecot has a bug related to generating the DIGEST-MD5 hash, I remember there used to be some bug related to that. And in general the problem might be something completely different, Dovecot logs with auth_debug=yes could show something useful. On 15.4.2014, at 18.56, Jayantheesh S B <j.sb@sta.samsung.com<mailto:j.sb@sta.samsung.com>> wrote: Kindly clarify our query related to DIGEST MD5 implementation. We always getting Authentication failed with Dovecot server. Same implementation is working fine with "Isode.com<http://isode.com/>" server. Please find the transaction snippet below. By decoding the base64 We see realm is empty. As per RFC 2831, this directive is optional. Since, server is not sending the realm, client populates the realm as per the below quotes. Still dovecot server rejects it. We are clue less and we are not sure why server is rejecting the request, kindly throw some light on this issue. RFC 2831 Quotes: realm Mechanistically, a string which can enable users to know which username and password to use, in case they might have different ones for different servers. Conceptually, it is the name of a collection of accounts that might include the user's account. This string should contain at least the name of the host performing the authentication and might additionally indicate the collection of users who might have access. An example might be "registered_users@gotham.news.example.com<mailto:registered_users@gotham.news.example.com>". This directive is optional; if not present, the client SHOULD solicit it from the user or be able to compute a default; a plausible default might be the realm supplied by the user when they logged in to the client system. Multiple realm directives are allowed, in which case the user or client must choose one as the realm for which to supply to username and password Transaction Snippet: 04-15 12:07:18.654 22363 22859 D Email : <<< +OK Dovecot ready. 04-15 12:07:18.724 22363 22859 D Email : >>> CAPA 04-15 12:07:19.034 22363 22859 D Email : <<< +OK 04-15 12:07:19.084 22363 22859 D Email : <<< CAPA 04-15 12:07:19.124 22363 22859 D Email : <<< TOP 04-15 12:07:19.194 22363 22859 D Email : <<< UIDL 04-15 12:07:19.234 22363 22859 D Email : <<< RESP-CODES 04-15 12:07:19.334 22363 22859 D Email : <<< PIPELINING 04-15 12:07:19.384 22363 22859 D Email : <<< STLS 04-15 12:07:19.454 22363 22859 D Email : <<< USER 04-15 12:07:19.514 22363 22859 D Email : <<< SASL PLAIN LOGIN DIGEST-MD5 04-15 12:07:19.574 22363 22859 D Email : <<< . 04-15 12:07:33.574 22363 22859 D Email : >>> AUTH DIGEST-MD5 04-15 12:07:33.754 22363 22859 D Email : <<< + cmVhbG09IiIsbm9uY2U9Ind1NjBDdWJqenBObEw4Uk9xUlhtUnc9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= 04-15 12:07:33.784 22363 22859 D Pop3Store: digestChallenge=cmVhbG09IiIsbm9uY2U9Ind1NjBDdWJqenBObEw4Uk9xUlhtUnc9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= 04-15 12:07:33.844 22363 22859 D DigestAuth: generateDigestResponse 04-15 12:07:33.884 22363 22859 D DigestAuth: index=5 key=realm value="" 04-15 12:07:33.934 22363 22859 D DigestAuth: index=5 key=nonce value="wu60CubjzpNlL8ROqRXmRw==" 04-15 12:07:33.954 22363 22859 D DigestAuth: index=3 key=qop value="auth" 04-15 12:07:34.014 22363 22859 D DigestAuth: index=7 key=charset value="utf-8" 04-15 12:07:34.064 22363 22859 D DigestAuth: index=9 key=algorithm value="md5-sess" 04-15 12:07:34.094 22363 22859 E DigestAuth: realm="" 04-15 12:07:34.114 22363 22859 E DigestAuth: charset="utf-8" 04-15 12:07:34.154 22363 22859 E DigestAuth: qop="auth" 04-15 12:07:34.194 22363 22859 E DigestAuth: algorithm="md5-sess" 04-15 12:07:34.224 22363 22859 E DigestAuth: nonce="wu60CubjzpNlL8ROqRXmRw==" 04-15 12:09:04.044 22363 22859 D Email : >>> Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iSmVucy5qZW5zZW5AZW1haWwuZGsiLHJlYWxtPSJtYWlsLnRlbGVub3IuZGsiLG5vbmNlPSJ3dTYwQ3VianpwTmxMOFJPcVJYbVJ3PT0iLG5jPTAwMDAwMDAxLGNub25jZT0iMzQzNTU3NTU2NzI2ODYzNzAzMyIsZGlnZXN0LXVyaT0icG9wL21haWwudGVsZW5vci5kayIscmVzcG9uc2U9NzU0NDMwN2VmMDQyNzE3MTNhZDUzN2FlMWQxZDRjMGMscW9wPWF1dGg= 04-15 12:09:05.744 22363 22859 D Email : <<< -ERR Authentication failed. 04-15 12:09:21.594 22363 22859 D Email : >>> QUIT 04-15 12:09:21.924 22363 22859 D Email : <<< +OK Logging out. Regards, Jay _______________________________________________ lemonade mailing list lemonade@ietf.org<mailto:lemonade@ietf.org> https://www.ietf.org/mailman/listinfo/lemonade Supplemental Web Site: http://www.standardstrack.com/ietf/lemonade
- [lemonade] SASL DIGEST MD5 issue Jayantheesh S B
- Re: [lemonade] SASL DIGEST MD5 issue Timo Sirainen
- Re: [lemonade] SASL DIGEST MD5 issue Jayantheesh S B