python / cpython

The Python programming language
https://www.python.org

CRAM-MD5 module #37082

Closed doko42 closed 21 years ago

doko42 commented 22 years ago
BPO 599679
Nosy @gvanrossum, @doko42

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


GitHub fields:

```python
assignee = None
closed_at =
created_at =
labels = ['extension-modules', 'type-feature']
title = 'CRAM-MD5 module'
updated_at =
user = 'https://github.com/doko42'
```

bugs.python.org fields:

```python
activity =
actor = 'pierslauder'
assignee = 'pierslauder'
closed = True
closed_date = None
closer = None
components = ['Extension Modules']
creation =
creator = 'doko'
dependencies = []
files = []
hgrepos = []
issue_num = 599679
keywords = []
message_count = 5.0
messages = ['12151', '12152', '12153', '12154', '12155']
nosy_count = 4.0
nosy_names = ['gvanrossum', 'doko', 'ghaering', 'pierslauder']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue599679'
versions = []
```

doko42 commented 22 years ago

[Taken from http://bugs.debian.org/154283]

A request to provide CRAM-MD5 authentication (in imaplib).

8a54bb72-6b25-473e-a449-295c9db8c6ab commented 22 years ago

Logged In: YES user_id=163326

Well, the necessary code could probably be found in smtplib.py. Perhaps it only needs to be adapted.

gvanrossum commented 22 years ago

Logged In: YES user_id=6380

Assigning to Piers Lauder, who supports the imaplib module.

But it would be nice if you submitted a patch.

5a406dc1-17ed-436a-b95f-f503f6ec7b5a commented 22 years ago

Logged In: YES user_id=196212

The support is already present for doing CRAM-MD5 authentication. For instance the following code should work:

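  import hmac
  import imaplib

  def authenticator(challenge):
    # imaplib passes the base64-decoded server challenge as bytes.
    # User, Password and host are placeholders supplied by the caller.
    return User + " " + hmac.HMAC(Password.encode("utf-8"), challenge, "md5").hexdigest()

  M = imaplib.IMAP4(host)
  M.authenticate('CRAM-MD5', authenticator)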

Let me know if it works for you, and I'll consider adding the code to IMAP4.login to try CRAM-MD5 automatically provided it appears in the server capabilities response. (I'm reluctant to do so because similar code in smtplib failed to work for some SMTP server versions and broke login completely.)

5a406dc1-17ed-436a-b95f-f503f6ec7b5a commented 21 years ago

Logged In: YES user_id=196212

I've added a "login_cram_md5" method to imaplib.py that performs CRAM-MD5 authentication.

This way users can be certain which authentication method is in use - they are either getting passwords transmitted in cleartext if they use "login", or they can try "login_cram_md5" to attempt the shared-secret style of authentication.
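The shared-secret exchange discussed in this thread, shown from both sides as an added example (not code from the thread or from imaplib): the client answers a challenge with an HMAC-MD5 digest, and the server recomputes it from its stored secret, so the password itself never crosses the wire. The user, secret and challenge are the sample values from the RFC 2195 example; the function names, the second challenge and the credential dictionary are constructed for illustration.

```python
import base64
import hmac

# Sample user, shared secret and challenge from the RFC 2195 example exchange.
USER, SECRET = "tim", "tanstaaftanstaaf"
CHALLENGE_B64 = b"PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def cram_md5_response(user, password, challenge_b64):
    """Client side: answer the server's base64-encoded challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode("utf-8"), challenge, "md5").hexdigest()
    return base64.b64encode(f"{user} {digest}".encode("utf-8"))


def verify_cram_md5(response_b64, challenge_b64, secrets):
    """Server side: recompute the digest from the stored shared secret."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("utf-8")
        user, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return False
    password = secrets.get(user)
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode("utf-8"), challenge, "md5").hexdigest()
    # Constant-time comparison avoids leaking how many digest characters matched.
    return hmac.compare_digest(expected.encode(), digest.encode())


def demo():
    secrets = {USER: SECRET}  # constructed credential store
    good = cram_md5_response(USER, SECRET, CHALLENGE_B64)
    bad = cram_md5_response(USER, "guess", CHALLENGE_B64)
    fresh = base64.b64encode(b"<constructed.2@imap.example>")  # constructed challenge
    return {
        "accepted": verify_cram_md5(good, CHALLENGE_B64, secrets),
        "wrong_password": verify_cram_md5(bad, CHALLENGE_B64, secrets),
        # A captured response does not verify against a new challenge.
        "replayed": verify_cram_md5(good, fresh, secrets),
    }


if __name__ == "__main__":
    print(demo())
```

The server side needs the shared secret in a recoverable form to recompute the digest, which is the trade-off against the cleartext "login" path mentioned above.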