smtplib authentication - try all mechanisms

[shubes]

BPO	6683
Nosy	@akuchling, @giampaolo
Files	bug6683-patch.txt

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2013-11-11.19:03:54.621>
created_at = <Date 2009-08-11.16:17:15.487>
labels = ['easy', 'type-bug']
title = 'smtplib authentication - try all mechanisms'
updated_at = <Date 2013-11-11.19:03:54.619>
user = 'https://bugs.python.org/shubes'

bugs.python.org fields:

activity = <Date 2013-11-11.19:03:54.619>
actor = 'python-dev'
assignee = 'ghaering'
closed = True
closed_date = <Date 2013-11-11.19:03:54.621>
closer = 'python-dev'
components = []
creation = <Date 2009-08-11.16:17:15.487>
creator = 'shubes'
dependencies = []
files = ['27861']
hgrepos = []
issue_num = 6683
keywords = ['easy']
message_count = 8.0
messages = ['91478', '95665', '97947', '112981', '114126', '114161', '174667', '202640']
nosy_count = 8.0
nosy_names = ['akuchling', 'ghaering', 'giampaolo.rodola', 'shubes', 'aguynamedben', 'Enrico.Carlesso', 'alfmel', 'python-dev']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue6683'
versions = ['Python 2.6', 'Python 3.1', 'Python 2.7', 'Python 3.2']

[shubes]

The login method in smtplib.py tries only one authentication mechanism.
There are legitimate situations where cram-md5 might fail, yet plain or
login would succeed.

RFC2554 states:
If an AUTH command fails, the client may try another authentication
mechanism by issuing another AUTH command.

The login method should attempt all mechanisms in preferred_auths before
returning a failure. This will make the code more robust, returning a
failure only when absolutely no authentication is possible.

[aguynamedben]

Here is one work-around. The default smtplib.SMTP.login() doesn't work
for StrongMail out of the box.

http://www.harelmalka.com/?p=94&cpage=1

[EnricoCarlesso]

This affects tophost.it too. Unable to login with CRAM-MD5 but plain login (as described in referenced workaround) work fine.

[ghaering]

Fixed in r83742. I implemented this without a test case, because if we wait for a test case for this, we can wait forever (would need a SMTP server implementation in Python for the various auth methods).

[giampaolo]

A test suite is now available for both smtpd and smtplib modules.

[ghaering]

Wow! That's great!

[akuchling]

The attached patch against trunk (3.4) exercises the multiple-authentication functionality; the SMTP server advertises four different authentication methods,
and the code will try CRAM-MD5 first, which will fail, but LOGIN succeeds.

If this patch is OK, or if having a test isn't considered necessary, then this bug can be closed.

[python-dev]

New changeset 19912ad231a3 by Andrew Kuchling in branch 'default':
Closes bpo-6683: add a test that exercises multiple authentication.
http://hg.python.org/cpython/rev/19912ad231a3