Open temuccio opened 4 years ago
Adding this to the end of our roadmap
I'm happy to collaborate to implement this Feature.
Sounds good :) I assume the Horde libs can already handle this. So we should only need a new structure for the authentication method (new attribute inthe accounts table?) and a switch in the user interface.
Hi @ChristophWurst, sorry for my delay.
I have check Horde libs and it support this authentication.
For your interested, I have check that in:
vendor/pear-pear.horde.org/Horde_imap_Client/Horde/Imap/Client/Socket/Pop3.php
and
vendor/pear-pear.horde.org/Horde_Smtp/Horde/Smtp.php
is implemented the strong authentication.
As you annunced, it is necessary to add a "select" for decide what is the method of authetication.
How you pass the parameter to Hord?
new attribute inthe accounts table
basically that. and then just read it through a getter on the account class in the IMAP client factory.
Hello :wave:, looked into this issue today.
CRAM-MD5 / DIGEST-MD5: Is already supported. If the connection to the imap server is unencrypted and CRAM-MD5 or DIGEST-MD5 are supported.
XOAUTH2: Would be nice for Gmail users. Code to use XOAUTH2 for authentication to IMAP and SMTP is there but the process to obtain an access token via OAUTH needs to be done. I guess that's somehow similar to https://github.com/nextcloud/integration_google. Additional information: https://developers.google.com/gmail/imap/xoauth2-protocol / https://developers.google.com/identity/protocols/oauth2.
OAUTHEBEARER: Similar to XOAUTH2 but not supported yet by Horde.
SCRAM-SHA-1: https://github.com/nextcloud/mail/pull/4377
GSSAPI: Roundcube seems to support it: https://github.com/roundcube/roundcubemail/blob/65c9d08e0146692ead7107d839fa06e52ed1216e/program/lib/Roundcube/rcube_imap_generic.php#L650-L723. Some extension for PHP is required.
CRAM-MD5 / DIGEST-MD5: Is already supported. If the connection to the imap server is unencrypted and CRAM-MD5 or DIGEST-MD5 are supported.
I think these two are actually interesting for SMTP.
Horde will use the automatically if appropriate.
My apologies. I didn't read the error message properly. I added a mailbox named "Sent" and it worked. Looking forward to porting this support to the built-in mailer (saw someone requesting it)
XOAUTH2: Would be nice for Gmail users. Code to use XOAUTH2 for authentication to IMAP and SMTP is there but the process to obtain an access token via OAUTH needs to be done. I guess that's somehow similar to https://github.com/nextcloud/integration_google. Additional information: https://developers.google.com/gmail/imap/xoauth2-protocol / https://developers.google.com/identity/protocols/oauth2.
In more SCRAM-SHA-1, I request SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS, SCRAM-SHA-512, SCRAM-SHA-512-PLUS, SCRAM-SHA3-512, SCRAM-SHA3-512-PLUS.
Note: CRAM-MD5 and DIGEST-MD5 are unsecure.
Please read all:
20 November 2008: CRAM-MD5 to Historic:
29 June 2017: CRAM-MD5 to Historic:
July 2011: RFC6331: Moving DIGEST-MD5 to Historic:
August 2021: RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2: "Replaced DIGEST-MD5 SASL mechanism with SCRAM-SHA-256. DIGEST-MD5 was deprecated."
I add same about SCRAM-MD5.
There are now:
Soon:
Thanks a lot for the links @Neustradamus. I've updated the list at https://github.com/nextcloud/mail/issues/3146#issue-623075405 to reflect the current state.
Hello. I need GSSAPI support. When are you planning to add this feature?
Hello. I need GSSAPI support. When are you planning to add this feature?
There are no plans right now. https://nextcloud.com/contribute/ or https://nextcloud.com/enterprise/ could be two options to get this feature earlier.
Feature Request
Include support strong authentication alternative to PLAIN and LOGIN such us:
Summary
In my case I have try to connect mail with my server that support CRAM-MD5 and DIGEST-MD5 without positive response. It is interesting to include this support such as most important clients of mail for extend the usage. I'm happy to collaborate to implement this Feature. Have nice day.
References